OSCP vs CEH: which offensive security certification should you take?

By The Exam Atlas Editorial Team · Verified 2026-06-06

Our verdict

These two prove very different things. Choose the OSCP if you want to demonstrate genuine, hands-on penetration-testing skill and are willing to put in heavy lab time. Choose the CEH if you need a broad, HR-recognised baseline that passes compliance and government filters. One proves you can do the work; the other proves you know the concepts.

Side by side

The numbers that decide it, lined up across every dimension that matters.

| | OSCP | CEH |
|---|---|---|
| Provider | OffSec | EC-Council |
| Exam type | 24-hour hands-on practical | Multiple choice (optional practical) |
| Format | Attack a private VPN lab, then report | 125 questions, 4 hours |
| Proves | Demonstrated exploitation skill | Breadth of offensive concepts |
| Cost (approx.) | ~$1,699 exam (or ~$1,749 with course) | ~$1,199 + eligibility/training |
| Prerequisites | None required; PEN-200 strongly advised | Training, or 2 years' experience + application |
| Recognition | High among practitioners for practical roles | High with HR and some government baselines |

The OSCP and the CEH are both offensive-security certifications, and they are often named in the same breath. But they test fundamentally different things, in fundamentally different ways, and confusing them leads people to buy the wrong one. This page is informational only and contains no operational attack instructions. Here is the detailed comparison, beyond the table above.

The core difference

The OSCP (Offensive Security Certified Professional, tied to OffSec’s PEN-200 course) is proven entirely by doing. There are no multiple-choice questions. You sit a 24-hour practical exam, attacking machines on a private VPN lab and then writing a professional report, and you either demonstrate the skill or you do not.

The CEH (Certified Ethical Hacker, from EC-Council) is proven mostly by knowing. It is a broad, knowledge-based exam, 125 multiple-choice questions, covering offensive tools and techniques from a defender’s standpoint, with an optional separate practical exam available.

So the headline is simple: the OSCP measures demonstrated exploitation skill; the CEH measures breadth of offensive concepts. Almost everything else follows from that.

Cost compared

Both are among the more expensive certifications, and the totals land close together:

  • OSCP: roughly US$1,699 for the standalone exam, or about US$1,749 for the PEN-200 course-plus-exam bundle that includes lab access, with retakes around US$249.
  • CEH: roughly US$1,199 for the exam, but you usually add eligibility or official EC-Council training, which can run to US$1,000 or more on top.

So neither is cheap. With the OSCP, much of the value (and the time cost) is in the lab practice; with the CEH, a large slice of the spend is the training or eligibility route. Confirm current pricing with each provider before you commit.

Difficulty and time

This is where they separate most sharply:

  • OSCP: a 24-hour proctored practical, roughly 23 hours 45 minutes of attack time against an Active Directory set (40 points) and three standalone machines (60 points) in an assumed-compromise model, then a further 24 hours to write and upload the report. You need 70 of 100 points. Candidates with a strong Linux and networking background often budget 200 to 300 hours of lab practice; those newer to hands-on work, considerably more.
  • CEH: 125 multiple-choice questions in four hours, with a cut score that varies by exam form (roughly 60 to 85 percent). It is intermediate and concept-focused, so most people prepare in a fraction of the OSCP’s lab time.

The result is not in doubt: the OSCP is the harder, more time-intensive credential by a wide margin. The CEH is a manageable knowledge exam.

Recognition and ecosystem

Both are recognised, but by different audiences:

  • OSCP is highly respected among practitioners and hiring managers for hands-on penetration-testing and red-team roles, precisely because it is hard to fake. Its reputation rests on the practical exam.
  • CEH is well recognised by HR and meets some government and compliance baselines, which is its main strength. Among hands-on practitioners, opinions on its depth vary, and practical certifications are often rated more highly for red-team work.

In other words, the CEH is strong at getting you past filters; the OSCP is strong at proving you can do the job once you are in the room.

Career outcomes

  • OSCP maps to: penetration tester, red-team operator, and security roles where demonstrated exploitation skill is the point.
  • CEH maps to: security analyst, junior penetration tester, and roles that explicitly list CEH for compliance or government baselines.

The two are not mutually exclusive. A common pattern is to hold the CEH to clear HR and compliance screens, and the OSCP to prove genuine ability for the hands-on work. If you can only do one, your target role decides it.

How to decide

Answer one question: do you need to prove skill, or pass a filter?

  • You want a hands-on penetration-testing or red-team role and must demonstrate real exploitation ability → OSCP (and budget serious lab time, not just the exam fee).
  • You need a widely recognised baseline to pass HR or meet a government or compliance requirement, or you want structured breadth first → CEH.
  • You are early and lack networking and Linux fundamentals → build those first (for example with Security+ or Network+) before attempting the OSCP; the CEH is the gentler entry of the two.

One credential proves you can do the work; the other proves you know the concepts and clears the filters. Choose the one your target role actually rewards.

Which should you choose?

Choose OSCP if

You are aiming for hands-on penetration-testing or red-team roles and want to prove practical exploitation skill through a real, demanding assessment.

Choose CEH if

You need a widely recognised, HR-friendly offensive-security credential to meet a baseline or government requirement, or you want structured breadth of concepts.

FAQ

What is the fundamental difference between OSCP and CEH?
Format and what it proves. The OSCP is a 24-hour hands-on practical with no multiple-choice questions - you have to compromise live lab machines and then document it like a real engagement. The CEH is largely a knowledge exam, 125 multiple-choice questions over four hours, with an optional separate practical. OSCP shows you can do the work; CEH shows you know the concepts.

Which is harder, OSCP or CEH?
The OSCP is widely considered far harder. Its 24-hour practical demands real enumeration, exploitation, pivoting and privilege escalation against live targets, plus a professional report, and candidates often budget hundreds of hours of lab practice. The CEH is intermediate, concept-focused and multiple-choice, so most people prepare in a fraction of that time.

Which costs more?
They are close, and it depends on the path. The OSCP exam is around US$1,699, or about US$1,749 bundled with the PEN-200 course, with retakes around US$249. The CEH exam is around US$1,199 but usually adds eligibility or official training that can run to US$1,000 or more. Confirm current pricing with each provider, as both change.

Do I need prerequisites or training for either?
The OSCP has no mandatory prerequisites, though OffSec strongly recommends completing the PEN-200 course first and assumes solid networking, Linux and scripting. The CEH does gate access: you either take official EC-Council training or apply for eligibility with two years of security work experience.

Which do employers prefer for a penetration-testing job?
It depends who is reading the CV. For hands-on penetration-testing and red-team roles, many practitioners rate the OSCP more highly because it proves demonstrated skill. The CEH is strong for passing HR screens and meeting compliance or government baselines. Some people hold both: CEH to clear filters, OSCP to prove ability.

Does either certification expire?
The classic OSCP does not expire, though the current OSCP+ naming introduces a three-year validity maintained with 120 CPE credits and an annual fee. The CEH is valid for three years under EC-Council's continuing-education scheme, maintained with 120 ECE credits and an annual membership fee. Check each provider for which terms apply to you.
