Common Pitfalls and How to Avoid Them
Tunnel vision on a single target wastes precious time while easier alternatives go unnoticed. Set strict time limits for targets without clear progress indicators. If enumeration reveals no obvious vulnerabilities within the allocated time, move on. Return later with a fresh perspective rather than desperately trying random exploits. Many candidates report spending 8+ hours on machines ultimately worth fewer points than several easier targets combined.
Insufficient enumeration causes most exam failures, not lack of exploitation skills. Rushed candidates skip thorough service investigation, missing simple vulnerabilities while pursuing complex exploits. Maintain enumeration discipline even when excited about potential vulnerabilities. Complete enumeration checklists before moving to exploitation. Many "difficult" machines hide easy vulnerabilities in overlooked services.
Poor documentation habits create reporting nightmares despite successful exploitation. Failing to screenshot critical moments, losing track of successful commands, or mixing notes between targets causes point loss. Maintain meticulous documentation throughout rather than planning to recreate it during reporting. Screenshot liberally; storage is cheap compared to points lost to inadequate evidence.
Panic-driven decision-making emerges when you fall behind your planned schedule. Desperation leads to running kernel exploits without consideration, potentially crashing targets and losing all potential points. Maintain composure through planned responses to adversity. Step away briefly when frustration peaks. Remember that partial credit across multiple machines often suffices for passing.