💻 OSCP / Ethical Hacking Exam Prep
Free, independent OSCP / PEN-200 exam-preparation for authorised, legal, defensive learning - with a signed certificate. Learn the modules, pass the exam.
Last updated: June 2026
An independent, free exam-preparation course that follows the publicly published OffSec PEN-200 / OSCP penetration-testing syllabus. It is intended strictly for AUTHORISED, LEGAL, DEFENSIVE learning: every technique here is taught so that students, blue-teamers, sysadmins and aspiring penetration testers can understand how attackers think, harden their own systems, and perform tests only on assets they own or are contractually authorised to assess. It walks through the full professional workflow — engagement scoping and rules of engagement, methodology and report writing, reconnaissance, scanning and enumeration, vulnerability identification, web-application attacks, attacking common services, client-side techniques, the fundamentals of buffer overflows, Linux and Windows privilege escalation, Active Directory attacks and authentication abuse, lateral movement, pivoting and tunnelling, password attacks, controlled use of the Metasploit Framework, and the structure of the 24-hour OSCP exam and its mandatory report. It uses visual lessons, original self-check questions and a 45-question final exam to build exam-ready understanding. It is awareness/prep only — not the official OffSec course or the OSCP exam — and claims no OffSec affiliation or endorsement. It maps to OffSec PEN-200 / OSCP penetration-testing syllabus. The course is organized into 22 modules, ending with a final exam (pass mark 80%). It is independent, free exam-preparation training — not an official or accredited review course.
What you'll learn
- Ethics, Law & Rules of Engagement
- Penetration-Testing Methodology
- Report Writing for Penetration Testers
- Information Gathering & Reconnaissance
- Scanning & Port Discovery
- Service Enumeration
- Vulnerability Identification
- Web Application Attacks
- SQL Injection & Database Attacks
- Attacking Common Services
- Client-Side Attacks
- Buffer Overflow Fundamentals
- Finding & Adapting Public Exploits
- Linux Privilege Escalation
- Windows Privilege Escalation
- Active Directory Enumeration
- Attacking AD Authentication
- Lateral Movement
- Pivoting & Tunnelling
- Password Attacks
- The Metasploit Framework (Controlled Use)
- The OSCP Exam Structure & Report
Learning objectives
- Understand the legal and ethical foundations of penetration testing — written authorisation, scope, rules of engagement, and why unauthorised access is a crime.
- Apply a repeatable penetration-testing methodology and write clear, professional, evidence-backed reports.
- Perform passive and active reconnaissance to map an authorised target's footprint.
- Scan and enumerate hosts, ports and services accurately, treating enumeration as the core of the engagement.
- Identify and validate vulnerabilities, and locate, read and safely adapt public exploit code.
- Recognise common web-application and common-service attack classes — and the defences that stop them.
- Explain the fundamentals of buffer overflows and client-side attacks at a conceptual, defensive level.
- Escalate privileges on Linux and Windows by spotting misconfigurations, and harden against them.
- Enumerate and attack Active Directory authentication, then move laterally, pivot and tunnel through an authorised network.
- Use password attacks and the Metasploit Framework responsibly within an authorised engagement.
- Pass a 45-question exam (80% to earn your certificate).