Plain-English definitions of terms that recur in OSCP and PEN-200 study. Simplified for learning and kept at a conceptual level; the official OffSec course materials are authoritative. Nothing here is an operational attack instruction.

| Term | Definition |
|---|---|
| OSCP | Offensive Security Certified Professional: OffSec’s hands-on penetration-testing certification, tied to the PEN-200 course. |
| OSCP+ | The current name of the credential, valid for three years and maintained with CPE credits and an annual fee. |
| PEN-200 | OffSec’s course “Penetration Testing with Kali Linux”, which the OSCP exam is based on. |
| OffSec | Offensive Security, the organisation behind PEN-200 and the OSCP. |
| Penetration test | An authorised, scoped assessment that tries to find and demonstrate security weaknesses. |
| Enumeration | Systematically discovering hosts, ports, services and other details about a target. |
| Footprinting | Early information gathering to build a picture of the target before active testing. |
| Exploitation | Using an identified weakness to gain access to a system. |
| Initial access | The first foothold gained on a target during an engagement. |
| Privilege escalation | Moving from limited access to higher (often administrative) rights on a host. |
| Local privilege escalation | Escalating rights on a machine where you already have a foothold. |
| Lateral movement | Moving from one compromised host to another within a network. |
| Pivoting | Using a machine you control to reach hosts you cannot access directly. |
| Port forwarding | Redirecting traffic through a controlled host to reach an internal service. |
| Tunnelling | Encapsulating traffic to route it through an intermediary, often to reach internal hosts. |
| Active Directory (AD) | Microsoft’s directory service for managing users, computers and permissions in a Windows network. |
| AD set | The chained Active Directory environment in the OSCP exam, worth 40 of the 100 points. |
| Standalone machine | An independent target in the OSCP exam, separate from the AD set, worth points toward the 60-point pool. |
| Assumed compromise | An exam model where you begin with a foothold and are tested on what you do next, not on initial access. |
| Foothold | An initial point of access on a target from which you can work further. |
| Web application attack | An attack that targets a weakness in a web application and can lead to access; studied conceptually here. |
| Client-side attack | A technique that relies on a user interacting with something rather than attacking a service directly. |
| Metasploit | A widely used exploitation framework; its use in the OSCP exam is governed by specific rules. |
| Kali Linux | A Linux distribution with penetration-testing tools, used throughout PEN-200. |
| Reverse shell | A connection, initiated from the compromised host back to the operator, that gives the operator interactive control of that host (conceptual). |
| Payload | The code or action delivered by an exploit to achieve a goal (conceptual). |
| Proof / flag | A token retrieved from a compromised machine to prove access for the exam report. |
| Report | The professional write-up of the engagement; on the exam you have a further 24 hours to submit it. |
| Rules of engagement | The agreed scope and limits of an authorised test: what may be tested and how. |
| Scope | The defined set of systems and actions that are authorised for testing. |
| Proctoring | Live monitoring of a candidate during the exam to ensure the rules are followed. |
| CPE credits | Continuing Professional Education credits used to keep OSCP+ valid over its three-year cycle. |
| Assumed-compromise vs black box | Starting with a foothold (assumed compromise) versus starting with no inside access (black box). |