How many months should I study for OSCP?

Three to six months is typical. This plan uses 16 weeks at around 10 to 15 hours per week; people with a strong Linux and networking background may compress it, while those newer to hands-on offence may need longer.

Can I pass OSCP by reading alone?

No. The exam is a hands-on practical, so the plan is built around practising against safe, legal lab machines and writing a report for each one, not just reading material.

Study Plan · Cybersecurity

OSCP Study Plan: A 16-Week Hands-On Schedule

expert

A free, realistic 16-week OSCP study plan covering the PEN-200 skill areas, with weekly goals, checkpoints and a lab strategy for the 24-hour practical exam.

By The Exam Atlas Editorial Team · Verified 2026-06-06

A realistic 16-week plan at roughly 10 to 15 hours per week. OSCP is won in the lab, not on paper, so this plan front-loads fundamentals, then spends most of its time on hands-on practice and report writing. Adopt a fixed methodology early (enumerate, exploit, escalate, document) and repeat it on every machine.

Weeks	Focus	Checkpoint
1–2	Fundamentals: networking, Linux CLI, Bash/Python basics	You can navigate Linux and write a simple script
3–4	Enumeration methodology	You enumerate a target’s services methodically every time
5–6	Service exploitation in a safe lab	You can gain initial access on a straightforward standalone machine
7–8	Web application attacks	You recognise common web weaknesses and how they lead to a foothold
9–10	Privilege escalation (Linux)	You can escalate from a low-privilege foothold on Linux
11	Privilege escalation (Windows)	You can escalate on Windows hosts
12	Client-side attacks; port forwarding and tunnelling	You can pivot to reach an otherwise unreachable host
13–14	Active Directory attacks (assumed compromise)	You can move through a chained AD set from a foothold
15	Full practice machines, end to end	You compromise a box and escalate without hints
16	Report writing + weak-area revision	You write a clear, reproducible report for every machine

Tips for the final two weeks

The exam is a 24-hour hands-on practical (about 23 hours 45 minutes of attack time, then a further 24 hours for the report), so build stamina with full, end-to-end practice machines rather than isolated exercises. Prioritise the Active Directory set, since it is worth 40 of the 100 points, and keep drilling privilege escalation on both Linux and Windows. Write a short report for every machine you practise on so documentation is automatic on exam day; points only count if they are documented clearly enough to reproduce. Do not use “real exam questions” or leaked-content sites; the exam is practical and such material both violates OffSec policy and will not prepare you for it.

FAQ

How many months should I study for OSCP?: Three to six months is typical. This plan uses 16 weeks at around 10 to 15 hours per week; people with a strong Linux and networking background may compress it, while those newer to hands-on offence may need longer.
Can I pass OSCP by reading alone?: No. The exam is a hands-on practical, so the plan is built around practising against safe, legal lab machines and writing a report for each one, not just reading material.

Sources

OffSec - PEN-200 (OSCP) ↗

Quick facts

Provider: OffSec (Offensive Security)
Exam code: PEN-200
Level: expert
Format: Hands-on practical penetration test over a private VPN lab (no multiple choice). You attack an Active Directory set plus three standalone machines in an assumed-compromise model, then write a professional report.
Questions: Not applicable (hands-on practical)
Duration: 23h 45m
Passing score: 70 / 100 (Active Directory set 40 pts + standalone machines 60 pts)
Exam fee: $1699 (Approximate. Standalone exam ~US$1,699; course-plus-exam bundle (PEN-200) ~US$1,749; retake ~US$249. Confirm current pricing with OffSec.)
Validity: OSCP: no expiry. OSCP+ (the current naming): 3 years (120 CPE credits + annual fee)
Languages: EN