How long does it take to study for OSCP?

OSCP (Offensive Security Certified Professional) is widely regarded as the most demanding entry-level penetration testing certification. The exam requires you to compromise multiple machines in a live network within 23 hours and 45 minutes, then write a professional penetration test report. There is no multiple-choice component. This practical format means you either have the skills or you do not.

Study timeline depends on your starting point. Candidates with 1 to 2 years of cybersecurity experience and comfort with Linux, networking, and scripting typically need 3 to 6 months. Career changers or candidates without prior security experience should plan for 6 to 12 months. Most successful candidates report spending 200 to 400 hours on lab practice in addition to course material review.

Preparation approach: Complete the PEN-200 course material and all lab machines. Supplement with Hack The Box (TJ Null's OSCP-like machine list) and TryHackMe's offensive security paths. Practice buffer overflow exploitation, web application attacks, privilege escalation on Linux and Windows, and lateral movement techniques. Build a methodology document that you refine through practice. The report-writing requirement catches many candidates off guard, so practice writing professional findings reports.

OffSec's PEN-200 pricing: $1,749 for 90-day lab access or $2,499 for 365-day lab access (as of April 2026, verify current pricing at offsec.com). The exam retake fee is $249. OSCP does not expire, making it a one-time investment. According to OffSec, first-attempt pass rates are not publicly disclosed, but community estimates suggest 40-60% for well-prepared candidates. DecipherU's OSCP preparation guide provides a detailed study plan and timeline.