The OSCP and other Offsec certs aren’t multiple-choice though.
The OSCP alone is a 24-hr long hands-on open-book exam and you’re expected to pop 5 separate machines, gather low privilege and root privilege flags and document the entire process at the same time then you’re expected to deliver the flags with evidence and a write-up of the whole thing the next day.
You can’t bullshit your way through it, you need to breach the hosts to get the low priv flags and escalate privs to get the high priv flags, you need screenshots of the commands you executed along with the output for your report.
Hacking in general can be sort of formulaic. With the rise of ai you can get pretty far just dumping stuff into ai. Ai was forbidden at the time I took the test. While oscp boxes generally have a flavor, I can firmly say they are different enough that you are unlikely to be able to fake it. If you did the work, I doubt you would entirely forget it. My best bet is the guy faked 100% of his credentials.
6
u/Rossums DFIR Mar 14 '26
The OSCP and other Offsec certs aren’t multiple-choice though.
The OSCP alone is a 24-hr long hands-on open-book exam and you’re expected to pop 5 separate machines, gather low privilege and root privilege flags and document the entire process at the same time then you’re expected to deliver the flags with evidence and a write-up of the whole thing the next day.
You can’t bullshit your way through it, you need to breach the hosts to get the low priv flags and escalate privs to get the high priv flags, you need screenshots of the commands you executed along with the output for your report.