"where the learners start with a standard user account on the AD domain with the goal of full domain compromise"<p>Doesn't this make it easier? I took (and passed the OSCP) last year. When I took it, I needed to compromise from the outside and use the account to gain access to the rest of the machines and compromise the AD. This starts you out with an existing account. One less step.<p>I also think removing the bonus points is a little strange. You get 10 extra points by going through 80% of the labs and material. It only took me a couple of weeks. This isn't really too much to ask.<p>This sounds like all just excuses for the 3rd change: it expires every 3 years, so you need to re-take it (and re-pay Offsec).<p>The material isn't that difficult (although I was in the industry for years before taking it). The time-frame to take the exam is the killer: 24 hours. I was able to pass it in around 6.<p>This just feels like a money grab to me.