I am ditching the OSCP for a better path

A brief post on why I am ditching the OSCP and what I will be doing instead

I will be structuring this as What I’ve been doing so far, Why?, If not OSCP then what?

TLDR

Doesn’t seem like it’s worth the price tag lol.

What I’ve been doing so far

I finished a couple APIsec University courses. Will be doing like 2 more as and when I get time.

I finished all Easy and Medium PicoCTF challenges, the Hard ones are actually hard and I am unable to understand them even with the writeups.

I read 7 chapters of Web Application Hacker’s Handbook. Felt burnt out after that, might finish that.

I started learning Golang, will learn Python as well.

Why?

I posted about feeling dread after passing the CPTS. I wrote about it here.

I was already unsure about spending $1700 on the OSCP. I was told by multiple people that 1. Everyone has it these days and that 2. It will be too easy for you.

I then started to do the PGPractice Labs from Lain Kusanagi’s list. The machines that they claim should take 1.5-2 hours, I was able to root in 30 minutes or less. It’s either leaked credentials, default credentials or some CVE abuse.

I did two hard-rated labs a few weeks back which were not hard for me at all as I had learnt the concepts during my CPTS prep. If this was hard then it wasn’t hard enough for me.

It makes no sense for me to spend such a significant amount of money on a subpar certification where I will not learn anything new. I am better off buying an HTB Academy gold annual sub and getting the CAPE or CWEE certification even if it isn’t that well recognised. Spending my own money to tick off the checkboxes for HR is something I refuse to do.

Many entry level positions require the OSCP. Yes it is easy, but the cost makes no sense for me. If I still had to spend my money, I’d go get the OSEP, OSWE or OSED. At least those aren’t entry level.

This post by Lain Kusanagi was the breaking point for me. If OSCP can’t guarantee a high paying job, why bother?

Another friend of mine was asking me about finding a cheap place to stay in my city as a friend of his got a red team entry level role because he had the OSCP, but he was being paid Rupees 550,000. That is 6191.51$ ~ 6200$. It might seem like a lot as India has a low cost of living, but there is no way he can afford a place close to the place of work. Even after all this, there will be a commute through crowded public transport, maybe share a space with more people and live like a student for a couple years till he gets experience and moves on to a higher paying job. I am not complaining, but it is unfair to ask people to spend the equivalent of a year’s worth of college tuition or more on a certification that won’t teach them everything they need to know plus a 4 year bachelor’s degree preferably in STEM.

For $1750, I can get Course + 1 Exam attempt for OSCP or for $1700 I can get 2 exam attempts and no course/labs.

Or, for $1700, I can get HTB Gold Annual Sub on which I can get CWEE or CAPE certification + access to advanced learning material for both these certifications ($1260), Burp Suite Certified Professional exam ($100) where the learning material is free. Then if I am interested in AD, I can get the CRTO by Zero Point Security ($220), which by the way has unlimited exam attempts and lifetime course access, or I can get the CAPE from HTB ($350). It makes no sense to get the OSCP where I can get 2-3 much superior certifications at the same price.

Considering all this, I have chosen not to go for the OSCP. It is overpriced and subpar as compared to the CPTS and if a job requires me to have it, they should pay for it, not me.

If not OSCP then what?

Here are my goals now that I am not doing the OSCP. I honestly enjoyed the web application hacking part on the CPTS over AD. AD was alright but Web seems interesting.

So these are my goals for 2026:

  1. Finish all tier 0, 1 and 2 modules on HTB Academy before my Student ID from college gets revoked. Even though there is time for this, I still want to do it before the end of 2025.

  2. Finish the 2 APIsec University courses that are currently left. This I will do when I feel bored.

  3. Finish all Portswigger Labs. Give the BSCP next year.

  4. Get the HTB gold annual sub and give the CWEE next year.

  5. Get good at jeopardy style CTFs. Especially web. Will start with Web and once confident in it, venture into reversing and pwn.

  6. If I feel like it, get the OSWE next year. Not sure how I will feel after CWEE.

  7. Get good at programming. I have started learning Golang, I will try to get great at it and also get good at Python. I had read on some review for CWEE that Python scripting is mandatory as you have to write your own exploits for CWEE. I think it’s the same for OSWE, but ChatGPT or any AI coding assistants are not allowed so I need to do it myself.

  8. Write more writeups and walkthroughs.

  9. Try my hand at bug bounty to actually apply my skills and have some extra money.

Conclusion

My goal for next year is to become great at Web CTFs and Web Exploitation and maybe make some money from Bug Bounty.

Art I used: https://www.deviantart.com/tadp0l3/art/Nocturnal-skies-146160144

This post is licensed under CC BY 4.0 by the author.
