Best OSCP Training in 2026
OffSec's PEN-200 (Learn One $2,749/yr, 2 exam attempts included) is the unavoidable purchase. The official lab teaches the methodology the exam tests. Pair it with TCM Academy's Practical Ethical Hacking as a foundation ($30 lifetime), HackTheBox Academy or TryHackMe for additional reps ($14/mo), and TJ_Null's free OSCP-like machine list in the final month. Plan 6 to 12 months and 400 to 800 hours.
Affiliate disclosure: Links marked with † are affiliate links; we earn a small commission if you buy through them (Amazon Associates, tag cisobility-20). The recommendations come from r/oscp post-pass surveys and our own practitioner experience; the affiliate relationship doesn't influence what we recommend.
Comparison of the four highest-trafficked online OSCP prep options as of 2026-05-23, plus the books and practice-test vendors most candidates pair with them. No fluff, no listicles — just what's actually working in r/oscp post-pass surveys and the cybersecurity hiring channels we follow.
Comparison at a glance
| Provider | Format | Price | Time | Labs | Best for |
|---|---|---|---|---|---|
| OffSec PEN-200 (the official OSCP course) OffSec | Self-paced course + lab + practical exam | $1,749 (90-day Course + Cert Bundle, 1 attempt) / $2,749/yr (Learn One, 2 attempts) / $6,299/yr (Learn Enterprise, full library) | 300-600 hours over 6-12 months | Yes. 60+ machines in the official lab. | Everyone. The unavoidable purchase. |
| TCM Academy — Practical Ethical Hacking (PEH) TCM Security | Video + hands-on labs | $30 (lifetime) or included in $30/mo TCM All-Access | ~25-40 hours | Yes. Included VMs and walkthroughs. | Foundation course before OSCP |
| HackTheBox Academy + Labs HackTheBox | Module-based labs + live machines | $14/mo (Academy) + $14/mo (VIP labs) = $28/mo combined | Self-paced; budget 100-300 hours during PEN-200 lab window | Yes. 1,000+ retired machines and dedicated OSCP-prep paths. | Volume reps during PEN-200 lab access |
| TryHackMe (Offensive Pentester / OSCP-prep paths) TryHackMe | Guided rooms + hands-on labs | $14/mo or $108/yr | Self-paced; 100-200 hours for the offensive paths | Yes. Guided rooms with structured walkthroughs. | Beginners who need more scaffolding than HackTheBox provides |
| PortSwigger Web Security Academy PortSwigger | Free interactive web-app labs | Free | 30-60 hours for the OSCP-relevant web modules | Yes. Fully hosted vulnerable web apps. | The web-app portion of the OSCP exam |
| TJ_Null's OSCP-like Machine List Community-curated | Curated list of HTB / Vulnhub machines | Free | 200+ hours rooting machines | Uses your existing HTB / Vulnhub access | Final 1-2 months before exam. Pure machine reps. |
| Penetration Testing: A Hands-On Introduction to Hacking † No Starch Press / Georgia Weidman | Print or Kindle | $25-50 (often on sale) | ~80 hours over 2-3 months | Companion VMs included | The foundation read before you touch PEN-200 |
| The Hacker Playbook 3: Practical Guide to Penetration Testing † Peter Kim | Print or Kindle | $25-35 | ~40 hours of reading + reps | Companion lab setup walkthrough included | Mid-prep read between TCM Academy and PEN-200's lab |
Our pick
If you're a career-switcher paying out of pocket: TCM Academy's PEH for 3 months ($30), then PEN-200 Learn One ($2,749) with the 1-year lab and 2 exam attempts. Run TJ_Null's free list during the lab window. Total around $2,800. 8 to 12 month timeline.
If your employer is paying: OffSec Learn Enterprise ($6,299/year) opens the full Learning Library: PEN-200, PEN-300, EXP-301, EXP-312, the defensive courses. Pair with HackTheBox Pro Lab passes for the team. Defensible to a manager funding a security-engineer-to-pentester transition.
If you're already experienced and need a fast track: Already done web pentesting professionally? Skip TCM Academy. PEN-200 Learn One, 2 months of HackTheBox Academy modules, 1 month of TJ_Null's list. 4-month sprint with a strong network and Linux background.
Provider deep-dives
OffSec PEN-200 (the official OSCP course) — OffSec
Self-paced course + lab + practical exam · $1,749 (90-day Course + Cert Bundle, 1 attempt) / $2,749/yr (Learn One, 2 attempts) / $6,299/yr (Learn Enterprise, full library) · 300-600 hours over 6-12 months · Labs: Yes. 60+ machines in the official lab.
Best for: Everyone. The unavoidable purchase.
What's good:
- The only training that matches OSCP exam difficulty and style. The lab teaches the methodology the exam tests.
- Learn One bundles 2 exam attempts in the same year. Realistic single-purchase cost works out to roughly $1,375 per attempt.
- Lifetime access to course materials (PDFs and videos). Useful as reference even after passing.
The honest tradeoff:
- $2,749+ is a lot of money if you're paying yourself. The 90-day Course + Cert Bundle rarely gives enough lab time for first-attempt success.
- Course PDF is dense and dated in places. Most candidates supplement with HackTheBox or TryHackMe rather than relying on the PDF alone.
TCM Academy — Practical Ethical Hacking (PEH) — TCM Security
Video + hands-on labs · $30 (lifetime) or included in $30/mo TCM All-Access · ~25-40 hours · Labs: Yes. Included VMs and walkthroughs.
Best for: Foundation course before OSCP
What's good:
- Post-pass writeups on r/oscp consistently cite PEH as the foundation course before PEN-200. Covers Active Directory, web, networking, and the PEH methodology.
- Heath Adams (TCM) is a former OSCP instructor. His teaching mirrors OffSec's expectation of methodology over toolkit memorization.
- $30 lifetime access is the highest-leverage spend in the OSCP prep market.
The honest tradeoff:
- PEH alone won't get you to OSCP. It's the on-ramp, not the destination.
- Some Active Directory content overlaps PEN-200 enough that you'll feel brief redundancy in the lab phase.
HackTheBox Academy + Labs — HackTheBox
Module-based labs + live machines · $14/mo (Academy) + $14/mo (VIP labs) = $28/mo combined · Self-paced; budget 100-300 hours during PEN-200 lab window · Labs: Yes. 1,000+ retired machines and dedicated OSCP-prep paths.
Best for: Volume reps during PEN-200 lab access
What's good:
- The OSCP-prep path is curated by HTB to mirror OSCP machine flavors: Active Directory, buffer overflows, web vulns.
- VIP retired-machines library has community walkthroughs for every box. The walkthroughs unstick you without spoiling the rest of the box.
- Pro Labs (~$30/month for multi-machine networks) approximate the 24-hour OSCP lab pivot scenario better than anything outside the official lab.
The honest tradeoff:
- Monthly subscription. Easy to overspend if your prep timeline slips past 12 months.
- Less hand-holding than TryHackMe. Expect a steeper start if you're still building Linux fluency.
TryHackMe (Offensive Pentester / OSCP-prep paths) — TryHackMe
Guided rooms + hands-on labs · $14/mo or $108/yr · Self-paced; 100-200 hours for the offensive paths · Labs: Yes. Guided rooms with structured walkthroughs.
Best for: Beginners who need more scaffolding than HackTheBox provides
What's good:
- More guided than HackTheBox. Per-module questions, hints, and step-by-step walkthroughs make first-time penetration testing less frustrating.
- The 'Offensive Pentester' path is structured to map onto OSCP exam topics.
- Cheaper annual rate than HTB. $108/yr versus $168/yr.
The honest tradeoff:
- Lower difficulty ceiling than HTB. Past the foundational rooms, HTB and the official PEN-200 lab give you more challenge.
- The gamification (badges, streaks) motivates the first month and distracts the next two.
PortSwigger Web Security Academy — PortSwigger
Free interactive web-app labs · Free · 30-60 hours for the OSCP-relevant web modules · Labs: Yes. Fully hosted vulnerable web apps.
Best for: The web-app portion of the OSCP exam
What's good:
- The best free resource for the web-app exploitation portion of OSCP. Built by the makers of Burp Suite.
- Each lab is a real, isolated, vulnerable application. Not toy CTF challenges.
- Free. No subscription, no time pressure.
The honest tradeoff:
- Web-only. Does nothing for AD, buffer overflows, or post-exploitation.
- Easy to over-invest here and undertrain the AD chain that now carries the heaviest weight on the OSCP exam.
TJ_Null's OSCP-like Machine List — Community-curated
Curated list of HTB / Vulnhub machines · Free · 200+ hours rooting machines · Labs: Uses your existing HTB / Vulnhub access
Best for: Final 1-2 months before exam. Pure machine reps.
What's good:
- Most-cited free OSCP prep resource on r/oscp. Community-maintained list of HTB and Vulnhub machines that match OSCP difficulty.
- Categorized by machine flavor (Linux/Windows, AD, web-pivot) so you can attack your weak areas.
- Combined with HTB VIP, this is the closest you can get to extra OSCP lab time without buying more PEN-200 access.
The honest tradeoff:
- Just a list. No walkthroughs, no support. Use it as a scrim, not a teacher.
- Some machines have aged out of OSCP exam style. Cross-check against recent post-pass writeups before committing.
Penetration Testing: A Hands-On Introduction to Hacking — No Starch Press / Georgia Weidman
Print or Kindle · $25-50 (often on sale) · ~80 hours over 2-3 months · Labs: Companion VMs included
Best for: The foundation read before you touch PEN-200
What's good:
- Georgia Weidman's book is THE most-cited foundation read in r/oscp. People who passed often started here months before enrolling in PEN-200.
- Walks the full kill-chain — recon, exploitation, privilege escalation, pivoting — with worked examples. The methodology is exactly what OSCP tests.
- The companion VM lab gives you a free practice environment before paying $2,749 for the official OffSec lab.
The honest tradeoff:
- Published 2014. Some specific tool versions are dated (Metasploit modules in particular). The methodology is timeless; the syntax sometimes isn't.
- Written for someone with zero pentest background. If you've already done HTB Easy boxes, you'll outrun the early chapters.
The Hacker Playbook 3: Practical Guide to Penetration Testing — Peter Kim
Print or Kindle · $25-35 · ~40 hours of reading + reps · Labs: Companion lab setup walkthrough included
Best for: Mid-prep read between TCM Academy and PEN-200's lab
What's good:
- Reads like a play-by-play of a real engagement: recon, breach, lateral movement, persistence. Closer to what OSCP throws at you than a tool tour.
- Shorter than Weidman's book — easier to finish during the busiest weeks of prep.
- Strong Active Directory chapter that lines up with the AD-heavy 2022+ OSCP exam format.
The honest tradeoff:
- Published 2018. Some Windows / Active Directory techniques have aged out of modern environments — cross-check against the OffSec syllabus.
- More 'red team' than the OSCP exam scope. Useful, but you'll skip 20-30% of the content as out-of-bounds for OSCP.
What to skip
Generic 'penetration testing' Udemy courses
Most $15-50 Udemy 'ethical hacking' courses cover Kali tools without methodology. They will NOT prepare you for OSCP. The exam tests your ability to enumerate, pivot, and chain vulnerabilities. Running nmap is not the test. TCM Academy's PEH is the only Udemy-priced course in this comparison because Heath Adams teaches methodology, not a tool tour.
CEH (Certified Ethical Hacker) as OSCP prep
CEH is multiple-choice. OSCP is a 24-hour practical pwn. They test different skills. CEH has its own value (compliance checkboxes, federal contracting), but it's not on the path to OSCP. Don't pay for both as 'progression'.
Free resources worth knowing about
- 0xdf's machine writeups — 0xdf publishes detailed walkthroughs for retired HTB machines. Read for the methodology, not the answers.
- IppSec YouTube channel — Long-form video walkthroughs of HTB machines. The standard for learning enumeration habits.
- r/oscp — Post-pass writeups including timeline, course used, and lab counts. The most reliable signal for what works.
- OffSec Try Harder methodology — OffSec's own guidance on the mindset the exam tests. Read before paying for PEN-200.
Frequently asked questions
How long does OSCP take to prepare for?
Plan for 6 to 12 months at 10 to 20 hours per week. That's 400 to 800 total hours. Candidates with prior pentesting experience or strong CTF backgrounds close in 3 to 4 months. The exam itself is 24 hours of hands-on machine pwning plus 24 hours of report writing. The prep is the long stretch.
Do I need PEN-200 or can I skip it?
PEN-200 is required for first-time candidates. OffSec only sells the bundled Course + Cert package or Learn One. The OSCP+ Standalone Exam ($1,699) exists but it's for already-certified candidates renewing the 3-year OSCP+, not a path for first-timers. The PEN-200 lab teaches the methodology the exam tests. Skipping it materially lowers pass rates per the post-pass survey data on r/oscp.
What's better: HackTheBox or TryHackMe?
TryHackMe for the first 3 months if you're new to penetration testing. Structured, guided, less frustrating. HackTheBox once you're past the foundations. Higher difficulty ceiling, retired-machine library, and Pro Labs that approximate the OSCP exam pivot scenario. Many candidates use both. TryHackMe early. HTB during PEN-200 lab access.
Should I take TCM Academy's PEH before PEN-200?
Yes if you're new to penetration testing. TCM's PEH is the most-recommended pre-OSCP foundation course on r/oscp. $30 lifetime. Heath Adams teaches methodology in a way that mirrors OffSec's expectations. Skip it if you've already done web pentesting professionally or CTFs at intermediate level.
How much does the full OSCP prep cost?
Plan for $1,750 to $2,800 over 6 to 12 months. PEN-200 Learn One ($2,749/yr with 2 exam attempts) is the dominant cost. The Course + Cert Bundle ($1,749) is the cheaper path if you want one exam attempt and 90 days of lab. Add ~$30 for TCM Academy's PEH if you're new. Add $50-100 for 3 months of HackTheBox or TryHackMe during the lab window.