OSCP vs CRTO
Comparing two popular ethical hacking certs
My Background
I obtained the OffSec Certified Professional (OSCP) and Certified Red Team Operator (CRTO) after graduating from university as a way to build up industry skills and increase my chances of landing a job in offensive security. I had been studying cybersecurity for about a year before the OSCP and about a year and a half before the CRTO. I decided to write this blog post to share my experiences and compare the two.
Pricing
For the OSCP, I got the most popular “Course & Cert Exam Bundle” which was priced at $1649 at the time. For the CRTO, I got the “Course + 60 Days” option which cost £445.00 (approx. $560). Some people choose to get just enough lab access after they finish the course, but I found it helpful to have access to both simultaneously because I wanted to get more practice with Cobalt Strike (more on this below).
I think what might justify the price of the OSCP is the amount of industry recognition it gets, which I think is a little excessive. While searching for offensive security roles, I feel that the OSCP was mentioned in almost every other job posting, while the CRTO was only mentioned in a handful. Without taking this into consideration, the CRTO wins by a long shot in the “bang for your buck” category.
Course & Labs
Both the OSCP and CRTO courses are well-structured and provide hands-on learning experiences, but they focus on different areas of offensive security.
The OSCP course covers fundamental Penetration Testing topics using Kali Linux. A standout feature of the OSCP is its CTF-style practice labs per topic, which require you to apply what you've learned in slightly different ways, reinforcing concepts through problem-solving. Additionally, the OSCP includes challenge labs, which are large, mock environments for practical attack simulations. To get additional practice, I recommend Hack The Box (HTB) labs as a supplemental resource.
The CRTO course, on the other hand, focuses on Red Teaming, particularly in an Active Directory environment with many misconfigurations. Unlike OSCP’s CTF-style approach, CRTO provides a sandbox-style lab where everything from the course material works exactly the same in the lab. The biggest advantage of the CRTO is the hands-on experience with Cobalt Strike, a powerful and expensive Command and Control (C2) framework. To maximize this learning opportunity, I highly recommend supplementing the course with this 9-part video series on Cobalt Strike by the creator, Raphael Mudge.
Exam
The exam experiences for these certifications are completely different, so I will go over some key points.
The OSCP involves 24 hours of penetration testing 3 standalone machines and 3 grouped Active Directory machines, followed by a full report that is due in another 24 hours. This style of exam is what makes OffSec certifications stand out. It can be intimidating, but the exams are designed to be doable with lots of breaks and sleep.
The CRTO involves a 4-day exam with 48 hours of free-to-use lab time to find a total of 8 flags (6 to pass). I found this to be a much more chill experience because you are free to take much longer breaks while still having plenty of time to complete the exam. It also gives you time to practice techniques like persistence which aren’t necessary to pass the exam.
As for the course vs exam difficulty, I would say you might need a little more practice than just the course for the OSCP, but just the course will suffice for the CRTO. If you have prior experience with penetration testing (e.g. HTB or real world), you should be chilling for the OSCP. If not, I would recommend being comfortable with the easier “Easy” rated HTB machines. For the CRTO, you should just be chilling if you paid attention during the course and got some practice using Cobalt Strike with Defender enabled.
Final Thoughts
Overall, I think both certifications are great for people relatively new to cybersecurity with an interest in the offensive side. I hope this post helps any of you considering tackling the OSCP, CRTO, or both. Feel free to reach out if you have any questions!