OSCP is probably the most dreaded certificate for a penetration tester. And for someone who is trying to start a career as a penetration tester, this is a magic bullet that will help you to get noticed by the recruiters. At the same time, it will give you solid knowledge and skills (that you will gain during the course of preparing for OSCP). However, it comes at its own cost, and not only financial cost. You have to consider the effort you will have to put into preparing for the exam. As the voucher costs a significant amount of money, let’s make a little research to check if it is possible to get OSCP for free.
What Is the Price of OSCP?
Offensive Security has official prices on its website.
What is important to understand about the OSCP prices, is that there are different packages. And the amount you will have to pay depends on the number of days for the lab access. The cheapest option is an exam voucher with 30 days of lab access. And it costs 999 US dollars.
While the cheapest OSCP package provides a decent number of days to practice for the exam, it might not be sufficient. If you have the skills, and enough time for these 30 days that you can spend on the practice, you might consider this package. But do not forget that this exam is different than others, and it is not a walk in the park. 30 days may not be enough. You should also consider packages with 60, or 90 days of lab access.
If you can afford the most expensive package, it provides you 365 days of lab access and 2 OSCP exam attempts. However, it costs 2148 $.
And of course, no matter what package you will choose, you will get the PEN-200 course material.
Keep in mind that these are not fixed forever prices and Offensive Security might change it anytime. Refer to the information on their official website to get the latest information.
How to Get OSCP for Free?
I’ve made a little research and checked if there were any OSCP giveaways in the past. Additionally, I’ve concluded a list of other options for how you can get the OSCP for free. But these options do not give the access to labs and the voucher for free, it rather shows possibilities of how you can get financing for it.
If you are thinking of searching for pirated OSCP material, the advice is don’t. First of all, you will unlikely find anything, because the material of Offensive Security has watermarks on it that can lead to a specific student. And even if you’ve managed to find anything, this is highly unethical and the material will probably be outdated or inaccurate. You will only make harm to yourself. At the same time, you might get banned by Offensive Security from getting any certificate of theirs.
Way no. 1 start blogging/vlogging and create Patreon/Ko-fi
Bughacking is one of the examples of how your blog can look. You can write about your penetration testing journey. And trust me, you don’t have to be an expert on the subject to start a blog. Even if you are a beginner, you can produce great content. Just make sure it is aimed at newbies. By sharing your first steps, talking about the mistakes you made, expressing how you feel, you can help other people.
And you can run your blog for free.
As your main focus is content, static pages are enough for you. You can use static pages generator such as Jekyll, and you can host it on Github pages for free. The only thing you will need is the domain.
After you have your blog up and running, you have to set up an account on a platform where people can support you. One of them is Ko-fi. On this platform, people can buy you “coffee”. You can create a goal on Ko-fi platform for collecting the money for buying the OSCP package and share the link on your blog. Anyone that likes your content will be able to contribute to your goal by donating a few bucks.
Way no. 2 ask for your employer to pay for it
While this can be a paradox, as there is a chance you want to get OSCP to get a job. But if you are already working in cybersecurity (but not necessarily in this domain), your employer might agree to finance it. Usually, companies have policies and budgets for trainings, so make sure if there is a chance your company might finance the certificate.
Way no. 3 participate in various contests, giveaways
On some rare occasions, you might found a CTF, or event, that gives free OSCP lab access and exam attempt as a prize. One of the examples is the Advent of Cyber 2020, which was an event organized by Tryhackme in the December of 2020. I’ve written a post and shared my experience of participating.
However, this type of event does not happen that often. You have to constantly be alert for these type of events. And of course, the competition is pretty high. Over 36k hackers checked this room, while not all of them participated, there were still thousands of them.
If you are following the cybersecurity community on Twitter (you should do so, as cybersecurity people are active on Twitter), once in a while you might see giveaways for OSCP. But this does not happen often.
And one more giveaway was organized by WPSCAN. This one was pretty interesting. In order to participate in the raffle, you had to submit a valid WordPress relatted vulnerability. Right now the post is deleted, but it can still be accessed from the Wayback Machine.
While there is a chance to get the voucher for OSCP for free, the possibility is pretty low. It is better not to have any false illusions. If you are willing to try taking the exam, you should consider paying for it by yourself. Or if you have a chance, ask for the employer to finance it. However, if you are trying to enter the penetration testing with this certificate, bear in mind that this is not the only way. Hacker mindset and skills are way more important than any certificate. And there are ways how you can prove yourself without the certificates.
Highly passionate about cyber security (penetration testing, bug bounty hunting, cybersecurity in general), and blogging. I am experienced in vulnerability assessments, penetration testing, various security audits, had worked with various clients, most of them were in finance sector. Currently holder of CompTIA Security+, CEH, CEH Practical, and CEH Master certificates.