Best OSCP Training in 2026
OffSec's PEN-200 (Learn One $2,749/yr, 2 exam attempts included) is the unavoidable purchase. The official lab teaches the methodology the exam tests. Pair it with TCM Academy's Practical Ethical Hacking as a foundation ($30 lifetime), HackTheBox Academy or TryHackMe for additional reps ($14/mo), and TJ_Null's free OSCP-like machine list in the final month. Plan 6 to 12 months and 400 to 800 hours.
Comparison of the four highest-trafficked online OSCP prep options as of 2026-05-09, plus the books and practice-test vendors most candidates pair with them. No fluff, no listicles — just what's actually working in r/cissp post-pass surveys and the cybersecurity hiring channels we follow.
Comparison at a glance
| Provider | Format | Price | Time | Labs | Best for |
|---|---|---|---|---|---|
| OffSec PEN-200 (the official OSCP course) OffSec |
Self-paced course + lab + practical exam | $1,749 (90-day Course + Cert Bundle, 1 attempt) / $2,749/yr (Learn One, 2 attempts) / $6,299/yr (Learn Enterprise, full library) | 300-600 hours over 6-12 months | Yes. 60+ machines in the official lab. | Everyone. The unavoidable purchase. |
| TCM Academy — Practical Ethical Hacking (PEH) TCM Security |
Video + hands-on labs | $30 (lifetime) or included in $30/mo TCM All-Access | ~25-40 hours | Yes. Included VMs and walkthroughs. | Foundation course before OSCP |
| HackTheBox Academy + Labs HackTheBox |
Module-based labs + live machines | $14/mo (Academy) + $14/mo (VIP labs) = $28/mo combined | Self-paced; budget 100-300 hours during PEN-200 lab window | Yes. 1,000+ retired machines and dedicated OSCP-prep paths. | Volume reps during PEN-200 lab access |
| TryHackMe (Offensive Pentester / OSCP-prep paths) TryHackMe |
Guided rooms + hands-on labs | $14/mo or $108/yr | Self-paced; 100-200 hours for the offensive paths | Yes. Guided rooms with structured walkthroughs. | Beginners who need more scaffolding than HackTheBox provides |
| PortSwigger Web Security Academy PortSwigger |
Free interactive web-app labs | Free | 30-60 hours for the OSCP-relevant web modules | Yes. Fully hosted vulnerable web apps. | The web-app portion of the OSCP exam |
| TJ_Null's OSCP-like Machine List Community-curated |
Curated list of HTB / Vulnhub machines | Free | 200+ hours rooting machines | Uses your existing HTB / Vulnhub access | Final 1-2 months before exam. Pure machine reps. |
Our pick
If you're a career-switcher paying out of pocket: TCM Academy's PEH for 3 months ($30), then PEN-200 Learn One ($2,749) with the 1-year lab and 2 exam attempts. Run TJ_Null's free list during the lab window. Total around $2,800. 8 to 12 month timeline.
If your employer is paying: OffSec Learn Enterprise ($6,299/year) opens the full Learning Library: PEN-200, PEN-300, EXP-301, EXP-312, the defensive courses. Pair with HackTheBox Pro Lab passes for the team. Defensible to a manager funding a security-engineer-to-pentester transition.
If you're already experienced and need a fast track: Already done web pentesting professionally? Skip TCM Academy. PEN-200 Learn One, 2 months of HackTheBox Academy modules, 1 month of TJ_Null's list. 4-month sprint with a strong network and Linux background.
Provider deep-dives
OffSec PEN-200 (the official OSCP course) — OffSec
Self-paced course + lab + practical exam · $1,749 (90-day Course + Cert Bundle, 1 attempt) / $2,749/yr (Learn One, 2 attempts) / $6,299/yr (Learn Enterprise, full library) · 300-600 hours over 6-12 months · Labs: Yes. 60+ machines in the official lab.
Best for: Everyone. The unavoidable purchase.
What's good:
- The only training that matches OSCP exam difficulty and style. The lab teaches the methodology the exam tests.
- Learn One bundles 2 exam attempts in the same year. Realistic single-purchase cost works out to roughly $1,375 per attempt.
- Lifetime access to course materials (PDFs and videos). Useful as reference even after passing.
The honest tradeoff:
- $2,749+ is a lot of money if you're paying yourself. The 90-day Course + Cert Bundle rarely gives enough lab time for first-attempt success.
- Course PDF is dense and dated in places. Most candidates supplement with HackTheBox or TryHackMe rather than relying on the PDF alone.
TCM Academy — Practical Ethical Hacking (PEH) — TCM Security
Video + hands-on labs · $30 (lifetime) or included in $30/mo TCM All-Access · ~25-40 hours · Labs: Yes. Included VMs and walkthroughs.
Best for: Foundation course before OSCP
What's good:
- Post-pass writeups on r/oscp consistently cite PEH as the foundation course before PEN-200. Covers Active Directory, web, networking, and the PEH methodology.
- Heath Adams (TCM) is a former OSCP instructor. His teaching mirrors OffSec's expectation of methodology over toolkit memorization.
- $30 lifetime access is the highest-leverage spend in the OSCP prep market.
The honest tradeoff:
- PEH alone won't get you to OSCP. It's the on-ramp, not the destination.
- Some Active Directory content overlaps PEN-200 enough that you'll feel brief redundancy in the lab phase.
HackTheBox Academy + Labs — HackTheBox
Module-based labs + live machines · $14/mo (Academy) + $14/mo (VIP labs) = $28/mo combined · Self-paced; budget 100-300 hours during PEN-200 lab window · Labs: Yes. 1,000+ retired machines and dedicated OSCP-prep paths.
Best for: Volume reps during PEN-200 lab access
What's good:
- The OSCP-prep path is curated by HTB to mirror OSCP machine flavors: Active Directory, buffer overflows, web vulns.
- VIP retired-machines library has community walkthroughs for every box. The walkthroughs unstick you without spoiling the rest of the box.
- Pro Labs (~$30/month for multi-machine networks) approximate the 24-hour OSCP lab pivot scenario better than anything outside the official lab.
The honest tradeoff:
- Monthly subscription. Easy to overspend if your prep timeline slips past 12 months.
- Less hand-holding than TryHackMe. Expect a steeper start if you're still building Linux fluency.
TryHackMe (Offensive Pentester / OSCP-prep paths) — TryHackMe
Guided rooms + hands-on labs · $14/mo or $108/yr · Self-paced; 100-200 hours for the offensive paths · Labs: Yes. Guided rooms with structured walkthroughs.
Best for: Beginners who need more scaffolding than HackTheBox provides
What's good:
- More guided than HackTheBox. Per-module questions, hints, and step-by-step walkthroughs make first-time penetration testing less frustrating.
- The 'Offensive Pentester' path is structured to map onto OSCP exam topics.
- Cheaper annual rate than HTB. $108/yr versus $168/yr.
The honest tradeoff:
- Lower difficulty ceiling than HTB. Past the foundational rooms, HTB and the official PEN-200 lab give you more challenge.
- The gamification (badges, streaks) motivates the first month and distracts the next two.
PortSwigger Web Security Academy — PortSwigger
Free interactive web-app labs · Free · 30-60 hours for the OSCP-relevant web modules · Labs: Yes. Fully hosted vulnerable web apps.
Best for: The web-app portion of the OSCP exam
What's good:
- The best free resource for the web-app exploitation portion of OSCP. Built by the makers of Burp Suite.
- Each lab is a real, isolated, vulnerable application. Not toy CTF challenges.
- Free. No subscription, no time pressure.
The honest tradeoff:
- Web-only. Does nothing for AD, buffer overflows, or post-exploitation.
- Easy to over-invest here and undertrain the AD chain that now carries the heaviest weight on the OSCP exam.
TJ_Null's OSCP-like Machine List — Community-curated
Curated list of HTB / Vulnhub machines · Free · 200+ hours rooting machines · Labs: Uses your existing HTB / Vulnhub access
Best for: Final 1-2 months before exam. Pure machine reps.
What's good:
- Most-cited free OSCP prep resource on r/oscp. Community-maintained list of HTB and Vulnhub machines that match OSCP difficulty.
- Categorized by machine flavor (Linux/Windows, AD, web-pivot) so you can attack your weak areas.
- Combined with HTB VIP, this is the closest you can get to extra OSCP lab time without buying more PEN-200 access.
The honest tradeoff:
- Just a list. No walkthroughs, no support. Use it as a scrim, not a teacher.
- Some machines have aged out of OSCP exam style. Cross-check against recent post-pass writeups before committing.
What to skip
Generic 'penetration testing' Udemy courses
Most $15-50 Udemy 'ethical hacking' courses cover Kali tools without methodology. They will NOT prepare you for OSCP. The exam tests your ability to enumerate, pivot, and chain vulnerabilities. Running nmap is not the test. TCM Academy's PEH is the only Udemy-priced course in this comparison because Heath Adams teaches methodology, not a tool tour.
CEH (Certified Ethical Hacker) as OSCP prep
CEH is multiple-choice. OSCP is a 24-hour practical pwn. They test different skills. CEH has its own value (compliance checkboxes, federal contracting), but it's not on the path to OSCP. Don't pay for both as 'progression'.
Free resources worth knowing about
- 0xdf's machine writeups — 0xdf publishes detailed walkthroughs for retired HTB machines. Read for the methodology, not the answers.
- IppSec YouTube channel — Long-form video walkthroughs of HTB machines. The standard for learning enumeration habits.
- r/oscp — Post-pass writeups including timeline, course used, and lab counts. The most reliable signal for what works.
- OffSec Try Harder methodology — OffSec's own guidance on the mindset the exam tests. Read before paying for PEN-200.
Frequently asked questions
How long does OSCP take to prepare for?
Plan for 6 to 12 months at 10 to 20 hours per week. That's 400 to 800 total hours. Candidates with prior pentesting experience or strong CTF backgrounds close in 3 to 4 months. The exam itself is 24 hours of hands-on machine pwning plus 24 hours of report writing. The prep is the long stretch.
Do I need PEN-200 or can I skip it?
PEN-200 is required for first-time candidates. OffSec only sells the bundled Course + Cert package or Learn One. The OSCP+ Standalone Exam ($1,699) exists but it's for already-certified candidates renewing the 3-year OSCP+, not a path for first-timers. The PEN-200 lab teaches the methodology the exam tests. Skipping it materially lowers pass rates per the post-pass survey data on r/oscp.
What's better: HackTheBox or TryHackMe?
TryHackMe for the first 3 months if you're new to penetration testing. Structured, guided, less frustrating. HackTheBox once you're past the foundations. Higher difficulty ceiling, retired-machine library, and Pro Labs that approximate the OSCP exam pivot scenario. Many candidates use both. TryHackMe early. HTB during PEN-200 lab access.
Should I take TCM Academy's PEH before PEN-200?
Yes if you're new to penetration testing. TCM's PEH is the most-recommended pre-OSCP foundation course on r/oscp. $30 lifetime. Heath Adams teaches methodology in a way that mirrors OffSec's expectations. Skip it if you've already done web pentesting professionally or CTFs at intermediate level.
How much does the full OSCP prep cost?
Plan for $1,750 to $2,800 over 6 to 12 months. PEN-200 Learn One ($2,749/yr with 2 exam attempts) is the dominant cost. The Course + Cert Bundle ($1,749) is the cheaper path if you want one exam attempt and 90 days of lab. Add ~$30 for TCM Academy's PEH if you're new. Add $50-100 for 3 months of HackTheBox or TryHackMe during the lab window.
Where to go from here
- Take the cert match quiz — 7 questions, scores your fit across 70+ certs (in case OSCP isn't actually your right pick).
- CISO salary calculator — compare expected ROI on this cert against your career stage.
- CISSP / CCISO / CISM study guide — the cert-vs-cert decision before you pick a course.
- CISO Salary in 2026 — what hitting CISSP unlocks downstream.
- Play CISO Simulator free — a 5-year strategy sim drilling the budget pressure OSCP certifies you to handle.