Proctoring OSCP Exams

Offensive Security Online Exam Proctoring

When we started out with our online training courses over 12 years ago, we made hard choices about the nature of our courses and certifications. We went against the grain, against the common certification standards, and came up with a unique certification model in the field – “Hands-on, practical certifications”.

OSCP – An Industry Standard

Twelve years later, these choices have paid off. The industry as a whole has realized that most of the multiple choice, technical certifications do not necessarily guarantee a candidate’s technical level…and for many in the offensive security field, the OSCP has turned into a golden industry standard.

This has been wonderful for certification holders as they find themselves actively recruited by employers due to the fact that they have proven themselves as being able to stand up to the stress of a hard, 24-hour exam – and still deliver a quality report.

However, this increase in popularity has come with an ever-increasing number of attempts to subvert or otherwise cheat the exam process, or alternatively misrepresent a certification status. We’d like to quickly talk about each of these issues separately.

Misrepresentation of Certification Status

We’ve always kept the privacy of our students as a core principle. This sometimes brings with it complexity–for example: if we get a request asking for the certification status of John Doe, we do not release that information before contacting John, and asking their permission unless John has already agreed to sharing his certification status. While this process is very protective of our students, it also makes it cumbersome to identify whether John is actually Offensive Security Certified.

In the past year, we’ve noticed an increasing number of individuals who claim to be OS certified, when they are not – or alternatively, have had their certifications revoked. We believe this to be happening as the OS certification verification process is not easy or seamless. We have therefore partnered with Acclaim Digital Badges to help with the verification process. We are currently in a soft launch pilot with badges being issued to new certificate earners daily. Once we make sure all our data flows and processes are in good shape, we will announce how our alumni can also claim their badges.

Cheating on Practical Exams

Over the years, we’ve learned and developed an art to identifying individuals who attempt to cheat in their exams, using several visual and non-visual cues. While these attempts are few and far between, we’ve identified certain groups of individuals who have persisted in their attempts at cheating and have caused themselves harm in the process (once someone is found cheating or violating our code of ethics, they are stripped of any certifications and banned from our courses for life). As our student base continues to grow, we have seen an increase in the number of cheating attempts through both our identification methods and thanks to community members who give us their insights. This is where proctoring comes in.

Proctoring

Recently, we updated our registration emails and website with FAQs announcing the launch of proctoring for some exams. While the added complexity of exam proctoring is a hassle all around, we strongly believe it will go far in curbing cheating attempts and maintaining the integrity of our certifications. We have been doing extensive testing of this process with willing volunteers for over half a year and we have found that compared to traditional proctored exams, this process is much less stressful and maintains the freedom you require when committing to a 24 hour exam process. This solution provides us additional integrity of the exam process, while still allowing you to take the test wherever you like, you don’t have to ask for permission when wanting to take a nap or use the restroom, and other benefits typically associated with our rigorous exam process. This entire process is done with proctors that are full time employees of Offensive Security.

The proctoring process uses screen sharing software and your webcam. We ask that the screen share remain enabled during your entire exam. However, if you need to change locations or disconnect for any reason, we will pause your exam VPN to allow you to do what is needed and then restart the exam VPN once you reconnect. The webcam may be disabled during breaks and any time you’re not actively in your exam. There is no audio feed for the exam and the proctor cannot hear you. The goal is to be able to be a silent observer during your exam to assist our exam graders with any anomalies they may see in your report.

oscp-exam

OSCP has always been an “open book” exam. We encourage you to use Google, your notes, or other tools and the proctor will not disqualify your exam for any of those reasons or for having your phone or another person enter the room. The goal of the proctor is to observe and help ensure you are taking the exam on your own and it is actually you performing the practical skills.

We didn’t make the decision to move to proctored exams lightly. We fully understand that not everyone will agree with our decision and some may feel the addition of proctoring is personally not viable for them. We had an extended pilot launch with volunteers to allow us not only to tweak our processes, internal training, and systems but also to gather feedback. We have listened to the hundreds of students who voluntarily took a proctored version of the exam and we made adjustments along the way. The vast majority of the feedback we received is that the process was non-intrusive and worth the small effort to help protect the integrity of the certification.

But What About My Privacy?

We are really excited about this new safeguard being deployed. We firmly believe that there is no point in having a tough exam you have to sweat over if the integrity of the exam is not such that it can’t prevent cheaters. This new online proctoring solution will go a long way in helping to maintain that integrity.

We encourage anyone who has questions or concerns about this new proctoring initiative to contact us and ask questions regarding this matter. Our updated privacy policy covers more details about the proctors, the proctoring data collected, and our data retention policy and is up to date with the latest concerns following the rollout of GDPR.

Does the Launch of Proctored Exams Devalue My Non-proctored Exam?

We don’t believe so. Your certificate, badge, and the information about your certification all stay the same. OSCP does not become OSCPP or OSCP+ just because it is proctored. The addition of proctoring is in response to changes happening today in terms of preventing cheating. The technical skills and mastery demonstrated by earning your OSCP two years ago is still just as valued as it is today. We firmly believe the OSCP is an indicator of your skills, but hiring managers or client engagements should be able to test those skills via the screening process with you.

We continuously strive to not only improve the relevance of our courses and the value of the certifications but to protect the integrity of our alumni. We fully believe the skills demonstrated through earning your certification with the leading training company in the field should be something to be proud of for a lifetime. We hope you see the positive changes in this endeavor as we have many more exciting things to come in the next year!

NEW!

Advanced Web Attacks and Exploitation (AWAE)

NOW AVAILABLE ONLINE! Advanced Web Attacks and Exploitation (AWAE).

You can now take OffSec’s most popular in-person training as an online course.

Earn your OSWE

FOLLOW US ON TWITTER:

@offsectraining

@kalilinux

@exploitdb