OffSec updates the PEN-200 curriculum every 12-18 months. The 2025 course now includes , which older PDFs (v1, v2, even v3) do not cover. If you study a 2019 PDF, you will fail the modern AD set (worth 40-50% of the exam).
In addition to the main course guide, OffSec provides an that outlines every topic and subtopic in the course. This is a fantastic resource for tracking your progress and ensuring you haven't missed any exam objectives.
No. The full PDF is only available to enrolled students. OffSec provides a free ebook overview but not the complete course material.
The is the official course offered by OffSec to prepare candidates for the OSCP (OffSec Certified Professional) certification. The course content is delivered via an online learning portal and includes a downloadable PDF manual , instructional videos, and access to a massive hands-on lab environment. Course Curriculum & PDF Structure oscp pen200 pdf
"I decided to focus only on the PEN-200 course and did not supplement it with anything else. What I should have done, is start on the boxes right from the start. My learning contained neither repetition nor active recall."
OffSec provides that you are highly encouraged to use for the final documentation you submit.
"The whole point of doing these boxes is to improve and practice your methodology. I have a note in my obsidian vault named 'Methodology' that contains 100's of lines and checklists, that I constantly update and refer to." OffSec updates the PEN-200 curriculum every 12-18 months
Finding the "in"—is it a weak password or an unpatched service? Exploitation: Getting your initial shell. Post-Exploitation/Privilege Escalation: Moving from a low-level user to Reporting:
Active Directory is now a mandatory, heavily-weighted component of the OSCP exam.
The primary learning material is an 850-page PDF course guide accompanied by over 17 hours of video content. In addition to the main course guide, OffSec
When stuck on a concept or a lab machine, exhaust your research options via man pages, Google, and the OffSec forums before looking at hints. 5. Official vs. Unofficial Material: A Warning on Piracy
Here is a secret: On exam day, you will barely open the PDF. You will rely on your , /usr/share/exploitdb , and searchsploit . The official PDF is too slow to navigate under a 24-hour clock. Use it during preparation , not during the exam.
Practice a strict documentation methodology. Take screenshots of your flags, write down your exploit steps, and organize your notes using tools like , CherryTree , or Notion . Step 3: Supplement with External Resources