OSCP Cheat Sheet: Exam Format, Scoring & Skill Areas
A free OSCP cheat sheet: the 24-hour hands-on exam format, the points breakdown, the PEN-200 skill areas, and a methodology reminder for final revision.
By The Exam Atlas Editorial Team · Verified 2026-06-06
A final-revision summary for OSCP. It is a study aid only. The exam is a hands-on practical with its own strict, proctored rules, so always follow OffSec’s current guidance on the day.
Hands-on, not theory
Unlike a multiple-choice certification such as CEH, OSCP is proven entirely by doing. There are no questions to answer: you compromise live lab machines and document them. Revise by practising a methodology, not by memorising facts.
Exam format at a glance
| Item | Detail |
| --- | --- |
| Format | Hands-on practical over a private VPN (no multiple choice) |
| Attack time | ~23 hours 45 minutes |
| Report time | A further 24 hours to write and upload |
| Environment | Active Directory set + three standalone machines |
| Model | Assumed compromise (you start the AD portion with a foothold) |
A useful way to think about it: about 60% of the marks come from gaining initial access and escalating privileges on standalone machines, and about 40% from working through the Active Directory set. Both initial access and privilege escalation are scored, so a half-finished machine still earns partial points if documented.
The PEN-200 skill areas
| Skill area | One-line reminder |
| --- | --- |
| Enumeration | Discover every service first; this drives everything |
| Exploitation | Use a weakness to gain initial access |
| Web application attacks | Common web weaknesses leading to a foothold |
| Client-side attacks | Rely on user interaction |
| Privilege escalation | Low-privilege to higher rights (Linux and Windows) |
| Active Directory attacks | Move through AD from an assumed foothold |
| Port forwarding and tunnelling | Pivot to reach unreachable hosts |
| Metasploit | Use appropriately within exam rules |
Methodology reminder
| Step | Do this on every machine |
| --- | --- |
| 1. Enumerate | Map all hosts, ports and services thoroughly |
| 2. Identify | Pick the most likely weakness from what you found |
| 3. Access | Gain an initial foothold |
| 4. Escalate | Move to higher privileges (practise on both OSes) |
| 5. Document | Write it up clearly enough to reproduce; points only count if documented |
Exam-day reminders
| Reminder | Why it matters |
| --- | --- |
| Enumerate before exploiting | Most candidates get stuck by skipping this |
| Prioritise the AD set | It is 40 of the 100 points |
| Take screenshots as you go | The report needs reproducible evidence |
| Watch the clock | Leave time for the report within the further 24 hours |
FAQ
Can I bring a cheat sheet to the OSCP exam?
OSCP is a hands-on practical, not a closed-book written exam, but it is proctored and has strict rules on what tools and resources are allowed. This page is a final-revision study aid only; always follow OffSec's current exam rules on the day.