OSCP exam prep, adaptive methodology plan with ARIA
The OffSec Certified Professional (OSCP) is the gold-standard hands-on penetration testing cert. The exam is 24 hours of live exploitation against five target machines plus an Active Directory set, then 24 hours to write the report. No multiple choice. Passing needs 70 of 100 points, scored on documented exploitation steps. The PEN-200 course is required.
What the exam is
Five domain areas on the current curriculum:
| Domain | Weight |
|---|---|
| Information gathering and enumeration | ~20% |
| Active Directory exploitation | ~25% |
| Web application attacks | ~20% |
| Privilege escalation (Linux and Windows) | ~20% |
| Client-side and post-exploitation | ~15% |
The cert is valid for three years. Renewal goes through OffSec's Continuing Professional Education program, or by retaking the exam.
How ARIA preps you for it
ClaudeLab is concept and methodology focused. OSCP is a typing exam. The two have different shapes, and you need both. ARIA prepares you on the methodology side: enumeration order, attack-tree decisions, AD pivot patterns, the Linux vs Windows privilege escalation reflex, and when to switch attack vectors instead of grinding the same one.
The CAT eval produces a per-domain skill estimate. The roadmap weights phases to your gaps. The error backlog tags misses by attack stage and tool family, so the patterns you keep missing surface fast.
Lab pairing (required for this cert)
Concepts are necessary but not sufficient. The OSCP exam is hands-on, and ClaudeLab does not replace lab time. Pair ClaudeLab prep with OffSec's PEN-200 course (mandatory) and the included lab subscription. HackTheBox's OSCP-prep boxes (TJ Null's list) are the standard supplement. Plan 300 to 400 hours total.
Common pitfalls on this cert
Treating OSCP like a CTF. OSCP rewards methodology and reporting, not flag-grabbing speed. Document everything as you go. Report writing is half the time budget.
Skipping Active Directory. AD is the heaviest single domain on the current exam. Practice the full kill chain (enumeration, lateral movement, persistence) on a real lab AD, not just individual techniques.
Underestimating the report. Failing the report fails the exam even if you passed the lab portion. Write as you exploit, not after.
The pass guarantee
ARIA guarantees the methodology and concept side. The lab and report sides are on the candidate. Pass guarantee eligibility requires the standard five conditions plus completed lab practice (self-attested).