OffSec Authorised PartnerAdvanced · Offensive2026 PEN-200Industry Gold Standard
OSCP Offensive Security Certified Pro
The gold-standard penetration-testing credential. Try Harder. PEN-200 hands-on bootcamp — active-directory chain compromise, modern client-side exploitation, web exploitation, post-exploitation. The cert that defines pentest credibility.
⏱Duration: 10 days / 80 hrs
💻Format: Bootcamp + 90-day Lab Access
🌐Delivery: On-site · Virtual · Hybrid
✅Pass rate: 84%
📅Next intake: 5 May 2026
💻
Active Directory
Modern AD chain compromise across multi-domain forests
🌐
Web exploitation
Server-side and client-side exploitation, deserialisation, SSRF
🔑
Privilege escalation
Linux + Windows privesc — the actual exam differentiator
📜
Reporting
OffSec-grade pentest report — the part most candidates underprepare
What this course is
Where you stop scanning and start exploiting.
OSCP is the global gold-standard penetration-testing credential. The exam is a 24-hour hands-on hack and a 24-hour report-writing window. You get five live boxes — a stand-alone, an Active Directory set, plus auxiliary boxes. There is no multiple-choice. There is no theory. You exploit, document, deliver.
At Nexperts, OSCP is delivered as a 10-day intensive bootcamp aligned with PEN-200 (current 2026 syllabus). We stand up an OffSec-style live lab with 60+ vulnerable hosts, walk every PEN-200 module, drill privesc, run two full 24-hour mock exams, and gate you for the real exam only when you've cleared a 70-point mock. PEN-200 lab access (90 days) and the exam voucher are included.
OSCP is the cert hiring managers in MY actually trust for pentest roles. CEH gets you to the interview; OSCP gets you the offer. The 'Try Harder' ethos is real — it shapes how you debug exploitation under timer.
The 2026 PEN-200 update sharpened Active Directory exploitation, modern client-side attacks (HTML smuggling, modern AV bypass), and removed retired tooling. We mirror the current PEN-200 syllabus exactly — not the 2021 version many courses still teach.
Who should take this course
💼
Aspiring pentesters
Building the credential most-required for pentest roles in MY.
🔍
Red-team aspirants
OSCP is the table-stakes cert before OSEP / OSWE / OSED.
🔐
SOC analysts
Moving offensive. OSCP shifts your career trajectory.
📚
Security consultants
Offering pentest services. OSCP is the cert clients ask for.
👨💻
Senior developers
Pivoting into AppSec / red team. OSCP changes role definition.
📈
Bug bounty hunters
Wanting structured methodology. OSCP gives the framework.
Prerequisites
✓ Comfortable in Linux command line and basic networking
✓ Basic scripting (Bash, Python or PowerShell)
✓ Comfortable with Windows internals at a user level
✓ We strongly recommend Pre-Security or PEN-100 fluency before OSCP
→ Don't yet have these? Ask about our 5-day OSCP-Prep bootcamp — enumeration, scripting, AD primer.
Course Curriculum
PEN-200. Mirrored, drilled, owned.
We mirror the current PEN-200 (2026) syllabus across 10 days. Each module is 60% hands-on against live boxes in our lab. Every module ends with a checkpoint: own a target before we move on. By day 10 you've owned 35+ live boxes.
Hands-On Lab Time
60+ live boxes. 90-day OffSec lab access.
Every Nexperts OSCP candidate gets 90 days of OffSec PEN-200 lab access plus full access to our internal lab during class. By exam day you should have rooted 50+ machines.
01
Recon Sprint
Recon and enum 4 targets to identify the entry vector.
Recon
02
Web 1
SQLi + LFI chain to web-shell.
Web
03
Web 2
SSRF + cloud-metadata to credentials.
Web
04
Web 3
Deserialisation to RCE.
Web
05
Client-Side
HTML smuggling + macro + AV-aware payload.
Client
06
Linux Privesc
Capability + path-injection chain.
Privesc
07
Windows Privesc
Token impersonation + service misconfig.
Privesc
08
AD: Single Domain
Kerberoast + ACL abuse to DA.
AD
09
AD: Multi-Domain
Cross-trust forest takeover.
AD
10
Pivot Lab
3-hop pivot with chisel + ligolo.
Pivot
11
Mock Exam 1
24-hour paired mock with debrief.
Exam
12
Mock Exam 2
24-hour solo mock with full report submission.
Exam
+ 50+ additional live boxes across our internal lab and the OffSec PEN-200 lab.
Exam Information
24 hours hack. 24 hours report.
OSCP is a 48-hour exam window: 24 hours of hands-on hacking against 5 live targets (one stand-alone + one 3-machine AD chain), then 24 hours to write a professional pentest report. You need 70 / 100 points to pass. Bonus points for a complete lab-report submission.
OSCP Exam (PEN-200)
Format24 hr practical hack + 24 hr report
Targets5 live boxes (1 stand-alone + AD chain of 3 + bonus)
Passing score70 / 100 points
ProctoringOffSec live proctored
Validity3 years (renewable)
Industry avg pass rate~30–40% first attempt
Nexperts pass rate84% first attempt
Our 4-Mock Programme
01
Diagnostic
End of day 2. Sets the baseline. 4-hour mini-exam.
02
8-hour Lab
End of day 5. 8-hour graded lab. Time-management drill.
03
Mock Exam 1
Day 8–9. 24-hour paired mock with full report.
04
Mock Exam 2
Day 9–10. 24-hour solo clearance mock. 70+ points before exam booking.
0%
Pass Rate
84% of our OSCP candidates pass on first attempt.
The global OSCP first-attempt rate sits between 30 and 40%. We hit 84% by gating you on a 70-point clearance mock, drilling AD attack chains, and obsessing over report quality — the part most candidates lose points on.
PEN-200 mirroredLive lab access84% first attemptFree retake voucherOffSec-aligned
Why our pass rate is 84%
Industry average: ~35%
Most candidates spend 90% of prep on enumeration and skip privilege escalation. Then they freeze at hour 8 of a 24-hour exam. Reporting kills another 15%.
Nexperts: 84%
We drill privesc until reflex. We do two full 24-hour mocks. We grade reports OffSec-style. We don't release exam vouchers until candidates clear a 70-point mock.
Your Offensive Path
OSCP is the gateway to OSEP, OSWE and OSED.
OSCP is the entry to the OffSec OSCE3 track — OSEP (evasion), OSWE (web exploit) and OSED (Windows exploit dev). Stack any two for OSCE3 and you're in the top tier of the offensive market.
Expected salary range after OSCP: RM 9,500 – RM 17,500/month for pentest roles in MY consultancies, banks and tech firms. Senior + OSCE3 stack pushes RM 20K+.
Student Reviews
What our OSCP graduates say.
4.9
★★★★★
128 reviews
5★
112%
4★
12%
3★
4%
★★★★★
"I'd attempted OSCP before with self-study and failed twice. Nexperts' AD chain drills + the 24-hour mocks were the difference. Cleared on first attempt with 90 points. The instructor's privesc methodology alone was worth the fee."
KP
Krishna Prasad
Senior Pentester · LGMS
✓ Passed first attempt (90 pts)
★★★★★
"Best OSCP bootcamp in MY full stop. The instructors are practising pentesters, not slide readers. The 24-hour mock with paired debrief was the most valuable single exercise of my prep."
FB
Faizal Baharudin
Pentester · Sapura Secured
✓ Passed first attempt (85 pts)
★★★★
"OSCP is brutal. Don't sign up thinking it's easy. But Nexperts gave me the structure to push through. Now I do red-team engagements at a Big-4 consultancy."
RT
Rachel Tan
Red Team Lead · Big-4 MY
✓ Passed first attempt (80 pts)
★★★★★
"The 'Try Harder' ethos is real. Nexperts doesn't hand you answers — they teach you how to debug exploitation under timer. That mindset shift is the cert in spirit. Cleared in 14 hours of the 24-hour window."
ZA
Zarif Anuar
Senior Security Engineer · ServiceRocket
✓ Passed first attempt (95 pts)
Copy page link
Share this course page with your team or save the URL for later.
