That depends entirely on what you are trying to do. The OSCP and OSCE are just certs, all it’s gunna do at the end of the day is help you get a job; but both are really excellent courses if you can afford it.

Of course, all of the information in those courses are also scattered about the web, and most students use that as a supplement to the course material (Shit’s hard, man).

If the goal is to just learn exploit development without burning a hole in your pocket then your best option is to hunt down resources like those detailed above and self-teach.

As an alternative, if you’re trying to get a job, you could use what you self-taught on exploit development, find a vulnerable app, write an exploit, go through the whole responsible disclosure dance, post it on github after the company has acknowledged and patched the vuln, and write a blog post about it; this way you have something to show prospective employers in lieu of a certification (Which, IMO, is wayyyyyy better than a stupid piece of paper even if HR ppl don’t think so).