PwnKata
Start drilling free
Home CPTS vs OSCP
Certification comparison · updated June 2026

CPTS vs OSCP: which pentest cert should you choose?

Two of the most respected hands-on penetration-testing certifications, built on very different exams. Here's an honest, vendor-neutral breakdown — format, cost, difficulty, and recognition — so you can pick the one that fits your goal. We don't sell either cert; we help you drill the skills both demand.

Offensive-security practitioners · OSCP
Updated June 2026

Written by the PwnKata team — OSCP-certified practitioners who build the drills and the technique guides published here, focused on turning exam-level offensive-security skills into repeatable, verifiable reps.

The short answer

If you're in a hurry

Choose OSCP if you need the credential employers recognise on sight and you want a sharp, time-boxed test of execution under pressure. It's still the default line on job descriptions, and the 24-hour clock is the whole point.

Choose CPTS if you want to prove end-to-end engagement skill — recon to Domain Admin across a realistic network, written up like a real report — for a fraction of the cost. It's broader, more modern, and a strong first step.

The skills overlap almost entirely. Whichever you pick, you're drilling the same primitives — so the better question is which exam format suits you.

Side by side

OSCP and CPTS, compared

Figures are current for 2026; always confirm against the official exam guides linked below.

OSCP OffSec · PEN-200 CPTS Hack The Box
Exam window 24 hours hands-on+ 24h to submit the report 10 days hands-on+ 10 days to submit the report
Targets 3 standalone boxes + a 3-host Active Directory set One connected ~8-host black-box enterprise network
Scoring 70 of 100 points to passno bonus points since Nov 2024 Manually reviewed report — demonstrate the full kill chain
Shape Box-by-box, scored in islands One engagement, pivoting throughout
Active Directory weight 40 of 100 points Woven through the whole network
Standalone exam? No — must buy a training package Yes — voucher sold separately
Retake New paid voucher A second attempt is included
Cost (2026) ~$1,749 PEN-200 bundlecourse + 90-day labs + 1 attempt ~$210–350 exam vouchertraining via HTB Academy subscription
Employer recognition Industry default on job filters Rising fast, less HR name recognition
The detail that matters

Exam format: speed vs methodology

OSCP's 24-hour clock makes it a test of recognition and execution. You move box to box, and the failure mode is time: rabbit-holing on one target until the window closes. The AD set — 40 of the 100 points — is where many attempts are won or lost, so it pays to make those attacks automatic before exam day.

CPTS replaces the clock with scope. Ten days against one connected network means the challenge is keeping a long chain organised: foothold, pivot, escalate, repeat, all while taking notes clean enough to become a professional report. It mirrors a real engagement more closely than any timed box-by-box exam can.

Cost and access

This is the starkest difference. OSCP is only sold inside a training package — the PEN-200 bundle is about $1,749 and includes the course, 90 days of labs, and one attempt. CPTS lets you buy just the exam voucher (~$210–350) if you've learned the material elsewhere, with the training covered by a much cheaper HTB Academy subscription, and it includes a second attempt. For most self-funded learners, CPTS is a fraction of the total cost.

Recognition and careers

OSCP's advantage is name recognition. After more than a decade it's the credential that clears automated résumé filters and satisfies job-description checkboxes. CPTS is highly respected by practitioners and proves arguably more realistic skill, but it's younger, so a non-technical recruiter may not know it yet. If a specific job posting names OSCP, that settles it. If you're optimising for skill and budget, CPTS is hard to beat.

Prep for either — or both

The skills underneath are the same

Both exams test the same primitives: Linux and Windows privilege escalation, web exploitation, Active Directory attacks, and service enumeration. PwnKata turns each one into a repeatable drill on a live, isolated box — a fresh variant every rep — so recognition becomes reflex before you ever start the clock or the ten-day window.

See the technique map for each path: OSCP practice →  ·  CPTS practice →

Eyeing a different cert? We also map PNPT and eWPT.

FAQ

CPTS vs OSCP, answered

Is CPTS harder than OSCP?
They're hard in different ways. OSCP pressures you with a 24-hour clock, so speed and recognition dominate. CPTS gives you ten days but a single connected ~8-host network, so the difficulty is methodology and pivoting — keeping a long attack chain organised without losing the thread. Most people find CPTS broader and more realistic; OSCP more time-stressed.
Is CPTS as recognised as OSCP by employers?
Not yet. OSCP is still the default line on many job descriptions and HR filters, built up over more than a decade. CPTS is widely respected by practitioners and growing fast, but a non-technical recruiter is more likely to recognise OSCP by name. If your goal is passing an automated résumé filter, OSCP carries more weight today; if it's proving real engagement skill to a technical hiring manager, CPTS holds its own.
Should I take CPTS or OSCP first?
If you're newer, CPTS (or the material in HTB's Penetration Tester path) teaches a complete methodology and is far cheaper, which makes it a strong on-ramp. If you need the credential on your résumé sooner — for a job requirement or a clearance — go straight for OSCP. Many people do CPTS first to build the methodology, then sit OSCP for the brand.
How much do CPTS and OSCP cost in 2026?
OSCP is sold as the PEN-200 bundle at about $1,749, which includes the course, 90 days of lab access, and one exam attempt. CPTS is much cheaper: the exam voucher runs roughly $210–350, and the training is covered by an HTB Academy subscription rather than a separate four-figure course. CPTS also includes a second exam attempt, where an OSCP retake means buying another voucher.
Can I prepare for both at the same time?
Yes. The two exams test heavily overlapping skills — Linux and Windows privilege escalation, web exploitation, Active Directory attacks, and service enumeration. Drilling those primitives until they're automatic prepares you for either exam; only the format and reporting style differ. That's exactly what PwnKata is built for.

Drill the skills both exams test

Free to start — live isolated targets, a fresh variant every rep.

Start drilling

Sources: OffSec OSCP Exam Guide · HTB CPTS certification page. Confirm pricing and format against the official guides before you book.