certification

OffSec Experienced Penetration Tester (OSEP)

RoleMath DifficultyRigor 91Barrier 64two cited lenses · profile below

Source-cited RoleMath page about OffSec Experienced Penetration Tester (OSEP).

Check if you’re ready ↓

Researched by RoleMath Research. Every figure on this page traces to the official source shown next to it.

A stretch credential — plan for real background first.

Offensive Security Osep assumes more background than a first-cert candidate typically has. Building hands-on practice first is the more efficient path; the domains below are your study map. RoleMath Difficulty methodology

Who this certification is designed for

The vendor’s stated audience, plus an honest fit for your starting point. No pass rates, no guarantees.

Per Offensive Security: No required experience or prerequisite stated. Recommended completion of PEN-200 and OSCP+ or equivalent knowledge and skills; learners should be comfortable with operating systems, TCP/IP networking, scripting, and offensive-security fundamentals. Offensive Security Osep — official vendor page

◐ Reach — conditions apply

None - no formal prerequisite or experience requirement stated; vendor-recommended background is advisory. It remains a reach for a new learner because the cited background recommendation is: No required experience or prerequisite stated. Recommended completion of PEN-200 and OSCP+ or equivalent knowledge and skills; learners should be comfortable with operating systems, TCP/IP networking, scripting, and offensive-security fundamentals.

Eligibility source Recommended background and registration boundary Official credential page Official eligibility source Official exam structure source

Funding to check: exam and prep costs may be reachable through vouchers, WIOA, Workforce Pell, GI Bill, or employer education assistance — eligibility depends on your location, provider, and status. Compare funding options →

Difficulty profile

A cited estimate of what the exam requires, split into two honest lenses — not one number, not a pass rate. RoleMath Difficulty methodology

Exam rigor (the test itself)90.6

3 of 4 cited signals · Moderate confidence

Barrier from zero (background it assumes)64.4

5 of 6 cited signals · Moderate confidence

These are exam-structure lenses, not a pass rate or anything about you.

Cost & upkeep

Exam fee plus what it takes to keep it — the recurring cost most pages hide.

Recertification terms
OSEP has no expiration date; no renewal exam or CPE requirement. Offensive Security Osep — official vendor page

No ROI math here — we never compare cost to a salary.

Skills measured

The official objective domains and their exam weight — titles & weights only, straight from the vendor’s exam objectives. Offensive Security Osep — official vendor page

Operating System and Programming TheoryPlain-English orientation: use this as the topic area to study for Operating System and Programming Theory. The official objectives define the exact vendor tasks.Official study guide PEN-300;OSEP (2026-06-26)
Client-Side Code Execution with OfficePlain-English orientation: use this as the topic area to study for Client-Side Code Execution with Office. The official objectives define the exact vendor tasks.Official study guide PEN-300;OSEP (2026-06-26)
Client-Side Code Execution with JscriptPlain-English orientation: use this as the topic area to study for Client-Side Code Execution with Jscript. The official objectives define the exact vendor tasks.Official study guide PEN-300;OSEP (2026-06-26)
Process Injection and MigrationPlain-English orientation: use this as the topic area to study for Process Injection and Migration. The official objectives define the exact vendor tasks.Official study guide PEN-300;OSEP (2026-06-26)
Introduction to Antivirus EvasionPlain-English orientation: use this as the topic area to study for Introduction to Antivirus Evasion. The official objectives define the exact vendor tasks.Official study guide PEN-300;OSEP (2026-06-26)
Advanced Antivirus EvasionPlain-English orientation: use this as the topic area to study for Advanced Antivirus Evasion. The official objectives define the exact vendor tasks.Official study guide PEN-300;OSEP (2026-06-26)
Application WhitelistingPlain-English orientation: use this as the topic area to study for Application Whitelisting. The official objectives define the exact vendor tasks.Official study guide PEN-300;OSEP (2026-06-26)
Bypassing Network FiltersPlain-English orientation: use this as the topic area to study for Bypassing Network Filters. The official objectives define the exact vendor tasks.Official study guide PEN-300;OSEP (2026-06-26)
Linux Post-ExploitationPlain-English orientation: use this as the topic area to study for Linux Post-Exploitation. The official objectives define the exact vendor tasks.Official study guide PEN-300;OSEP (2026-06-26)
Windows Post-ExploitationPlain-English orientation: use this as the topic area to study for Windows Post-Exploitation. The official objectives define the exact vendor tasks.Official study guide PEN-300;OSEP (2026-06-26)
Kiosk BreakoutsPlain-English orientation: use this as the topic area to study for Kiosk Breakouts. The official objectives define the exact vendor tasks.Official study guide PEN-300;OSEP (2026-06-26)
Windows CredentialsPlain-English orientation: use this as the topic area to study for Windows Credentials. The official objectives define the exact vendor tasks.Official study guide PEN-300;OSEP (2026-06-26)
Windows Lateral MovementPlain-English orientation: use this as the topic area to study for Windows Lateral Movement. The official objectives define the exact vendor tasks.Official study guide PEN-300;OSEP (2026-06-26)
Linux Lateral MovementPlain-English orientation: use this as the topic area to study for Linux Lateral Movement. The official objectives define the exact vendor tasks.Official study guide PEN-300;OSEP (2026-06-26)
Microsoft SQL AttacksPlain-English orientation: use this as the topic area to study for Microsoft SQL Attacks. The official objectives define the exact vendor tasks.Official study guide PEN-300;OSEP (2026-06-26)
Active Directory ExploitationPlain-English orientation: use this as the topic area to study for Active Directory Exploitation. The official objectives define the exact vendor tasks.Official study guide PEN-300;OSEP (2026-06-26)
Combining the PiecesPlain-English orientation: use this as the topic area to study for Combining the Pieces. The official objectives define the exact vendor tasks.Official study guide PEN-300;OSEP (2026-06-26)
Trying HarderPlain-English orientation: use this as the topic area to study for Trying Harder. The official objectives define the exact vendor tasks.Official study guide PEN-300;OSEP (2026-06-26)

This vendor does not publish exam-domain weightings, so the domains are shown unweighted.

Prerequisites

What's required vs merely recommended — stated plainly.

Hard requirement
None — open registration Offensive Security Osep — official vendor page

“Recommended” is the vendor’s guidance, not a gate — you can register today.

Optional · about 2 minutes

Not sure if Offensive Security Osep is the right next step for you?

Answer a few quick questions and we’ll map your background against the exam’s published domains and the vendor’s recommended prep — a study order and a sequencing read, not a score or a pass prediction. Everything you need to decide is already above; open this only if you want a personalized plan.

Every figure on this page, sourced

The claims above trace to these records — the source, and when it was last checked. If a figure has no row here, we did not publish it.

IDSupportsSourceChecked
SCHEMA-CIT-1Schema citationoffensive-security-osepLogged in source packet
SCHEMA-CIT-2Schema citationOfficial Candidate BundleLogged in source packet

Ready to see how this fits your background?

Find out if OffSec Experienced Penetration Tester (OSEP) fits your background.