Análisis de Certificaciones de Ciberseguridad Ofensiva | Parte II

Analysis of Offensive Cybersecurity Certifications | Part II


In the previous installment of Offensive Cybersecurity Certifications, we were talking about eJPT (Junior Penetration Tester) and eWPT (Web Penetration Tester). During today's delivery we will tell you what other possibilities exist regarding Offensive Cybersecurity Certifications:

CRTP (Certified Red Team Professional)


Altered Security's CRTP (Certified Red Team Professional) is a Red Team certification that evaluates an individual's ability to compromise enterprise Active Directory environments.

Objective audience

This certification is designed for individuals seeking to gain the knowledge necessary to conduct Red Team exercises and internal security audits. However, it is also an excellent option for those who simply want to expand their knowledge in compromising enterprise Active Directory environments.


  • Active Directory Enumeration: Enumerate useful information such as users, groups, group memberships, computers, user properties, trusts, ACLs, etc., to map attack paths.
  • Local Privilege Escalation: Escalate local privileges on Windows machines in the target domain.
  • Domain Privilege Escalation: Discover credentials and sessions of administrator accounts, apply classic techniques such as Kerberoast and its variants, identify and exploit delegation problems, as well as learn how to abuse the privileges of protected groups.
  • Domain Persistence: Exploit Kerberos functionality to persist with domain administrator privileges, forge tickets to carry out attacks such as "Golden ticket" and "Silver ticket". Subvert domain-level authentication with techniques like "Skeleton key" and custom SSP.

Exam format

The CRTP is a 24-hour exam that consists of performing an internal audit on an Active Directory from a Windows machine and with a provided domain user. The goal of the exam is to achieve command execution on all machines, regardless of whether they have administrator privileges or not. In total, there are 5 machines, excluding the examinee's own. After completing the practical part, you have 48 hours to send the report.


In order to take the exam, it is necessary to purchase the Altered Security course, which offers three different options. The most affordable option is priced at $249 and includes 30 days of lab access, lifetime access to course material, and one exam attempt.

The second option is priced at $379 and includes 60 days of lab access, lifetime access to course material, and one exam attempt.

The third option is priced at $499 and includes 90 days of lab, lifetime access to course material, and one exam attempt.

There is the possibility of purchasing an additional exam attempt for $99. If you wish to extend access to the laboratory for 30 days, in addition to obtaining another exam attempt, it is possible to do so for $199.

OSCP (Offensive Security Certified Professional)


The OSCP (Offensive Security Certified Professional) is one of the most recognized certifications in the world of offensive security. It is a totally practical certification with which you learn pentesting methodologies and the use of tools that are included in the Kali Linux distribution.

Objective audience

This certification is not designed for people who are taking their first steps in pentesting, unlike others like the eJPT. It is aimed at people who have a little more advanced technical knowledge, either through professional experience or having spent time solving challenges on platforms like TryHackMe or HackTheBox.


  • Pentesting methodologies: Understanding ethical hacking and pentesting methodology, including reconnaissance, enumeration, exploitation, post-exploitation and reporting.
  • Linux fundamentals: knowledge of the Linux operating system, command line interface and file system.
  • Networking Concepts: Understanding networking protocols and concepts, including TCP/IP, routing, and firewalls.
  • Web Application Security: knowledge of vulnerabilities in web applications, including SQL injection, cross-site scripting (XSS) and command injection.
  • Windows Security: Knowledge of the security of the Windows operating system, including user accounts, file permissions, and Active Directory.
  • Exploit Development: Knowledge of exploit development techniques, including reverse engineering, assembly language and debugging.
  • Wireless Security: understanding of concepts and vulnerabilities in wireless networks.
  • Cryptography: Understanding cryptographic concepts and techniques, including encryption, decryption, and hashing.

Exam format

The exam is divided into two parts: the exploitation phase and the preparation of the report, each lasting 24 hours. The total evaluation consists of 100 points, and it is necessary to obtain at least 70 to pass. The 100 points are divided as follows:

  • 60 points: 3 independent machines, each with a score of 20 points. These 20 points are divided into 10 for gaining access to the machine and another 10 for escalating privileges and becoming administrator/root.
  • 40 points: Active directory environment with 2 clients and a domain controller. Points are only earned if the entire active directory is compromised, with no possibility of partial points. This means that you get 40 points or none.

Additionally, in addition to the points earned on the exam, there is the possibility of earning up to 10 additional points by completing the following:

  • 30 machines from the preparation laboratory.
  • 80% of the exercises in each category.


In order to take the exam, it is necessary to purchase the PEN-200 (PWK) course from Offensive Security. The cheapest option is priced at $1,649 and includes 90 days of lab access and one exam attempt.

The Learn One subscription is priced at $2,599 per year and provides access to the lab for one year, as well as two exam attempts. 

The Learn Unlimited subscription is priced at $5,499 per year and includes all courses in the OffSec training library, plus unlimited exam attempts.

BSCP (Burp Suite Certified Practitioner)


The BSCP (Burp Suite Certified Practitioner) is a certification created by the developers of Burp Suite, which is the quintessential web pentesting tool. Earning this certification demonstrates a deep understanding of web application vulnerabilities, the right mindset to exploit them, and of course, the necessary Burp Suite skills to perform these actions.

Objective audience

This certification has a high level of difficulty and is designed for people who want to dedicate themselves to web application pentesting professionally. It is not necessary to previously have any web pentesting certification to be able to acquire the BSCP, but it is advisable to have minimal knowledge about the operation of web applications.


The content of this certification is all the modules of the PortSwigger academy:

  • Server-side vulnerabilities:
    • Authentication
    • Path traversal
    • Command injection
    • Business logic vulnerabilities
    • Disclosure of information
    • Access control
    • File upload vulnerabilities
    • Race conditions
    • Server-side request forgery (SSRF)
    • XXE, SQL and NoSQL injection
    • API testing

  • Client-side vulnerabilities:
    • Cross-site scripting (XSS)
    • Cross-site request forgery (CSRF)
    • Cross-origin resource sharing (CORS)
    • Clickjacking
    • DOM-based vulnerabilities
    • WebSockets

Exam format

You have four hours to breach two web applications, each consisting of three phases. In each phase, one or more vulnerabilities must be identified that must be exploited to advance to the next phase.

In phase 1, you start as an unauthenticated user with the goal of escalating to a low-privilege user. Then, in phase 2, it must be escalated to an administrator user, and finally, in phase 3, the goal is to read a system file.


Each exam attempt costs €89. Unlike other certifications, the BSCP does not require purchasing the exam together with a training course, since the official training is the PortSwigger academy, which is free.

It must be taken into account that in order to take the exam it is necessary to use Burp Suite Professional, which has a price of €449.

Javier Martín , Cybersecurity Analyst at Zerolynx .

return to blog

Leave a comment

Please note that comments must be approved before they are published.