Do not just screenshot the flag text file. The screenshot must show the terminal, the execution of the command reading the flag, and network configuration commands (like ipconfig or ip a ) to prove which machine the flag belongs to.
Offensive Security does not provide a mandatory template for OSWE (like they do for OSCP). However, you should build one in (converted to PDF) or Microsoft Word with styles.
In conclusion, the OSWE exam report is far more than a piece of documentation. It is the ultimate expression of the hacker’s mindset: methodical, exacting, and communicative. Offensive Security does not sell a certification in hacking; it sells a certification in professional exploitation . The ability to break a system is common; the ability to break a system and then articulate that breakdown so clearly that another expert can walk in your footsteps is rare. For OSWE aspirants, the mantra should be clear: your exploit code gets you in, but your report keeps you certified. Treat the report as you would the exploit—with precision, proof, and no room for error.
Pre‑Auth SQL Injection in Login Function
Before the exam starts, set up your reporting environment. Configure your markdown-to-pdf converter (like Pandoc or Eisvogel) and run a test compile to ensure your styling, margins, and headers look pristine.
: You must compress the PDF into a .7z archive (without a password).
Educación
Servicios sociales
Sostenibilidad
Empleo y formación