Briefly list the methodology followed (white-box source code review, dynamic testing) and the tools utilized during the assessment (e.g., Burp Suite, Python, VS Code, grep, jq).
4. Technical Findings & Exploit Chains (The Core)
To fully automate this process, many candidates use the OSERT (Offensive Security Exam Report Template) Ruby script. It is officially available as a package on BlackArch Linux (pacman -S osert). The script handles the entire pipeline for you:
Show how you elevated your privileges or extracted sensitive data.
If required by the latest exam guidelines, place the PDF and your exploit scripts into a password-protected .7z or .zip archive named precisely according to the OffSec exam instructions.
Step through how you built your payload. If you bypassed a Web Application Firewall (WAF) or string filtering, explain the encoding mechanism (e.g., URL encoding, Base64, or character concatenation).
Use red boxes or arrows to highlight the exact injection point, cookie value, or flag in your screenshots. Crop out irrelevant background windows to keep the focus tight.
Saved chronologically with descriptive names (e.g., Target1_Step3_SQLi_Payload.png).
Detail the exact HTTP request headers, parameters, or payloads required to trigger the flaw.
However, compromised targets and functional exploit scripts represent only half the battle. Your OSWE exam report determines whether you pass or fail.