Offensive Security Certified Professional (OSCP, also known as OffSec Certified Professional) is an ethical hacking certification offered by Offensive Security (or OffSec) that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution (successor of BackTrack). [1] The OSCP is a hands-on penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a safe lab environment. [2] It is considered more technical than other ethical hacking certifications, [3] [4] and is one of the few certifications that requires evidence of practical penetration testing skills. [5]
The OSCP does not require recertification. [6]
Successful completion of the OSCP exam qualifies the student for 40 (ISC)² CPE credits.
In 2015, the UK's predominant accreditation body for penetration testing, CREST, [7] began recognising OSCP as equivalent to their intermediate level qualification CREST Registered Tester (CRT). [8]
In "Kali Linux: A toolbox for pentest," JM Porup called OSCP certification "coveted" because it required passing a difficult 24-hour exam demonstrating hacking. [9] In a press release on a new chief operating officer for a security services company, the company's use of OSCP professionals was described as a strength. [10] In "The Ultimate Guide To Getting Started With Cybersecurity" Vishal Chawla of Analytics India Mag recommended OSCP as one of two "well known" security certifications. [11] In an interview of Offensive Security CEO Ning Wang, Adam Bannister of The Daily Swig discussed a "major update" to "Penetration Testing with Kali Linux (PWK)" training course, which leads to OSCP certification for students who pass the final exam. [12] The training updates were discussed in detail in helpnet security. [13]
In The Basics of Web Hacking: Tools and Techniques to Attack the Web, Josh Pauli called OSCP "highly respected." [14] Cybersecurity Education for Awareness and Compliance gave a syllabus outline of the training course for OSCP. [15] In Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails, co-author Christopher Hadnagy listed OSCP as one of his qualifications. [16] Certified Ethical Hacker (CEH) Foundation Guide listed OSCP as one of two certifications by Offensive Security for a "Security Testing Track." [17] Sicherheit von Webanwendungen in der Praxis also included OSCP in a list of recommended certifications. [18] Building a Pentesting Lab for Wireless Networks called Offensive Security training "practical and hands-on" and said they were "most recommended." [19]
In "The Information Security Undergraduate Curriculum: Evolution of a Small Program" Lionel Mew of University of Richmond said 35% of Information security jobs require certifications, and described OSCP as a "popular certification." [20] "Maintaining a Cybersecurity Curriculum: Professional Certifications as Valuable Guidance" called OSCP an "advanced certification" and one of "a select few" requiring hands-on penetration skills demonstrations. [21]
The SANS Institute is a private U.S. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and auditing. The information security courses are developed through a consensus process involving administrators, security managers, and information security professionals. The courses cover security fundamentals and technical aspects of information security. The institute has been recognized for its training programs and certification programs. Per 2021, SANS is the world’s largest cybersecurity research and training organization. SANS is an acronym for SysAdmin, Audit, Network, and Security.
This is a list of operating systems specifically focused on security. Similar concepts include security-evaluated operating systems that have achieved certification from an auditing organization, and trusted operating systems that provide sufficient support for multilevel security and evidence of correctness to meet a particular set of requirements.
A white hat is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. Under the owner's consent, white-hat hackers aim to identify any vulnerabilities or security issues the current system has. The white hat is contrasted with the black hat, a malicious hacker; this definitional dichotomy comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively. There is a third kind of hacker known as a grey hat who hacks with good intentions but at times without permission.
Certified Ethical Hacker (CEH) is a qualification given by EC-Council and obtained by demonstrating knowledge of assessing the security of computer systems by looking for vulnerabilities in target systems, using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system. This knowledge is assessed by answering multiple choice questions regarding various ethical hacking techniques and tools. The code for the CEH exam is 312–50. This certification has now been made a baseline with a progression to the CEH (Practical), launched in March 2018, a test of penetration testing skills in a lab environment where the candidate must demonstrate the ability to apply techniques and use penetration testing tools to compromise various simulated systems within a virtual environment.
BackTrack was a Linux distribution that focused on security, based on the Knoppix Linux distribution aimed at digital forensics and penetration testing use. In March 2013, Khaled Baoween (Kali) & the Offensive Security team rebuilt BackTrack around the Debian distribution and released it under the name Kali Linux.
EC-Council is a cybersecurity certification, education, training, and services company based in Albuquerque, New Mexico.
Michael Gregg is an American computer security specialist, businessman, author and co-author of several books, including Build Your Own Network Security Lab and Inside Network Security Assessment. He has also served as an expert witness before a congressional committee on cyber security and identity theft.
The Computing Technology Industry Association, more commonly known as CompTIA, is an American non-profit trade association that issues professional certifications for the information technology (IT) industry. It is considered one of the IT industry's top trade associations.
In hacking, a wargame is a cyber-security challenge and mind sport in which the competitors must exploit or defend a vulnerability in a system or application, and/or gain or prevent access to a computer system.
Kali Linux is a Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security. The software is based on the Debian Testing branch: most packages Kali uses are imported from the Debian repositories.
Parrot OS is a Linux distribution based on Debian with a focus on security, privacy, and development.
Offensive Security is an American international company working in information security, penetration testing and digital forensics. Operating from around 2007, the company created open source projects, advanced security courses, the ExploitDB vulnerability database, and the Kali Linux distribution. The company was started by Mati Aharoni, and employs security professionals with experience in security penetration testing and system security evaluation. The company has provided security counseling and training to many technology companies.
Kali NetHunter is a free and open-source mobile penetration testing platform for Android devices, based on Kali Linux. Kali NetHunter is available for non-rooted devices, for rooted devices that have a standard recovery, and for rooted devices with custom recovery for which a NetHunter specific kernel is available (NetHunter). Official images are published by Offensive Security on their download page and are updated every quarter. NetHunter images with custom kernels are published for the most popular supported devices, such as Google Nexus, Samsung Galaxy and OnePlus. Many more models are supported, and images not published by Offensive Security can be generated using NetHunter build scripts. Kali NetHunter is maintained by a community of volunteers, and is funded by Offensive Security.
Terry Cutler is a Canadian cyber security expert and teacher, often described as an "ethical hacker" for his long term work with cyber security and protection. Cutler is the founder, former CTO, and current CEO of Cyology Labs and the vice-president of cyber security at SIRCO. He is also the creator of "The Course On Internet Safety". Cyology Labs's focal point is cyber security and data safety. Prior to founding Cyology Labs in 2015, Cutler founded Digital Locksmiths, Inc. focusing on data security of cloud and mobile solutions. Cutler is an often cited source on Cyber security and has been featured on various televisions shows across Canada. He describes himself as a "cyologist", a trademarked term of his own invention for a person who works in cyber security.
Rafay Baloch is a Pakistani ethical hacker and security researcher. He has been featured and known by both national and international media and publications like Forbes, BBC, The Wall Street Journal, The Express Tribune and TechCrunch. He has been listed among the "Top 5 Ethical Hackers of 2014" by CheckMarx. Subsequently he was listed as one of "The 15 Most Successful Ethical Hackers WorldWide" and among "Top 25 Threat Seekers" by SCmagazine. Baloch has also been added in TechJuice 25 under 25 list for the year 2016 and got 13th rank in the list of high achievers. Reflectiz, a cyber security company, released the list of "Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021" recognizing Rafay Baloch as the top influencer. On 23 March 2022, ISPR recognized Rafay Baloch's contribution in the field of Cyber Security with Pride for Pakistan award. In 2021, Islamabad High court designated Rafay Baloch as an amicus curia for a case concerning social media regulations.
William "Chuck" Easttom II is an American computer scientist specializing in cyber security, cryptography, quantum computing, and systems engineering.
BlackArch is a penetration testing distribution based on Arch Linux that provides a large number of security tools. It is an open-source distro created specially for penetration testers and security researchers. The repository contains more than 2900 tools that can be installed individually or in groups. BlackArch Linux is compatible with existing Arch Linux installations.
ExploitDB, sometimes stylized as Exploit Database or Exploit-Database, is a public and open source vulnerability database maintained by Offensive Security. While the database is publicly available via their website, the database can also be used by utilizing the searchsploit command-line tool which is native to Kali Linux.