There is no standard on how long the report must be. It should contain all necessary information though.

Wow, that's hilarious. My exam section was ~90 pages, and combined, the entire report was just shy of 500.


You need to remember that you're not actually writing text for all those pages. Most of my pages only had a screenshot and a sentence or two explaining what was going on.

As I was going along, I'd just alt+printscreen whatever window I was in, add a note in Word, paste the screenshot below, add a page break for a nice transition, and repeat.

With dozens of lab systems, it's easy to obtain a high page count with minimal effort. Think where you'll end up with only five screenshots per day at 30, 60, and 90 days. My approach was to include a step-by-step walk-through for each system, so anyone could repeat the compromise. cd1zz was apparently much more concise What's important is that you adequately communicate your findings.

HOLY COW!  Yeah I didn't show every single step, except for the section that had the Exam Challenge.

The rest of the lab report was basically the vuln, and proof of exploitation.

My report was 205 and the exam was about 30ish.  It was a long process since I wanted to the report to be perfect but the screenshots were a pain.  It would always throw off everything else in the report as far as formatting.

TIP: Work on your report while you are doing the course.  At least the last two weeks of the course.  It helped me out a lot. 

It's recommended to write the report while you progress through the course rather than at the very end of your course time. This way you have things right in memory and won't need to spend your last time with just report writing, which might take quite a while if you are just starting with it. If you document your findings too sloppy in your temporary format, it might also be difficult to document it properly in your final report (especially if your lab time is over and you can't go back to verify).

I see what you are saying. I think what the other guys are saying is that you include your normal Lab work in with the pen test report at the end? So work on the format of the lab work report as you go so you don't have a heap of formatting to do right at the end.... is that correct???

Yah I am with you now I gussed that is what was being implied but just want to make sure.

Does the lab change that much the exam one ?

@Jamie.R - as a former Offsec student, you should understand that we can only give you so much info on that.  I'd agree with the post, above - if someone is doing well in the lab, and understands not only the specific exercises and steps to pwn those targets, but the fundamentals of what they're seeing and doing, they SHOULD do well on the exam.  If a person finds themself really struggling in the lab, then perhaps they should spend more time studying, before attempting the exam. 

That's all I'll really give you, on that one, except to say, 'try harder' <evil grin>  Put it this way, I'm currently studying for a second attempt on my OSCE exam.  I thought I was ready, the first time, and, looking back, I was 'ALMOST' there.  But I realized, after attempt #1, what I needed work on.  So it's not always an exact science, of knowing the labs to ace the exam.  Labs are preparatory, but not necessarily all-inclusive.  Offsec is preparing you for the real world of pentesting.  Hope you are enjoying the challenge!