oscp faq
Table of Contents
faq#
The questions I see asked in r/oscp and the OffSec Discord every single week. Full answers coming — short versions below.
is the PWK course enough?#
No. It’s necessary but not sufficient. You need lab time on PG, HTB, or similar.
how long should I prep?#
Most people: 3-6 months of consistent daily practice. Depends entirely on your starting level.
should I learn Metasploit?#
Yes, but also learn to do things without it. The exam limits Metasploit usage.
do I need to know buffer overflows?#
Not for the current exam format. Still worth understanding conceptually.
how many machines should I own before the exam?#
Rough benchmark: 50+ PG Practice boxes + 20+ HTB retired boxes. But quality > quantity.
what if I fail?#
You’re in good company. Most people fail at least once. Regroup, focus on your weak areas, try again.
Full FAQ with deeper answers coming — drop questions via email and I’ll add them.