Don't wait until the 48 hours are over to take screenshots. Capture them during the exam while the environment is still live.
A high-level overview of the systems compromised. oswe exam report
Exploitation: How you bypassed filters or security controls. Don't wait until the 48 hours are over to take screenshots
OffSec isn’t just testing your ability to find bugs; they are testing your ability to communicate them. In a professional penetration test, the report is the only tangible product the client receives. For the OSWE, your report must prove that you didn’t just "guess" the exploit, but that you fundamentally understand the source code and the logic behind the vulnerability. 2. The Golden Rule: Reproducibility Exploitation: How you bypassed filters or security controls
Highlight the exact lines in the source code where the flaw exists.
The is the final hurdle between you and the "Offensive Security Web Expert" title. Treat it with the same intensity as the 48-hour hacking session. If you provide clear code analysis, a robust automated script, and a professional layout, you’ll be well on your way to earning your certification.