If your exploit relies on log poisoning (LFI -> accessing /var/log/apache/access.log ), your report must include the exact log entry you injected and the subsequent request that executes it.
: The report must be a PDF named OSWE-OS-XXXXX-Exam-Report.pdf , archived in a .7z file with the same naming convention. Structure of an OSWE Report oswe exam report work
Your final deliverable is a single PDF. It must contain two major sections: the (low detail) and the Technical Report (high detail). If your exploit relies on log poisoning (LFI
OffSec examiners will:
Tools like Pandoc can convert Markdown to a professional PDF instantly using OffSec-compliant templates. This keeps your formatting consistent and clean. It must contain two major sections: the (low
Many brilliant penetration testers fail the OSWE not because their code was faulty, but because their exam report was inadequate. Offensive Security (OffSec) holds student documentation to strict professional standards. If your report is missing critical details, reproduction steps, or automated scripts, you will fail.
To avoid the heartbreak of a "failed" notification despite getting all the flags, the report must be flawless in its technical correctness and fullness. Advanced Web Attacks and Exploitation OSWE Exam Guide