Report Requirements and Submission

Report Requirements and Submission

The penetration test report represents 50% of the certification process, requiring professional documentation of all successful exploitations. Reports must include executive summaries accessible to non-technical audiences, detailed technical walkthroughs enabling reproduction, and remediation recommendations. This emphasis on reporting reflects real-world requirements where penetration testers must communicate findings effectively to diverse stakeholders.

Technical sections require step-by-step exploitation walkthroughs with supporting screenshots. Each compromised system needs complete documentation from initial enumeration through privilege escalation. Code snippets, custom exploits, and modification explanations demonstrate understanding beyond tool usage. The depth required often surprises candidates who focus solely on technical skills while neglecting documentation abilities.

Formatting requirements remain minimal but important. Reports must be submitted as PDF documents with ZIP archives containing any custom scripts. Professional presentation matters, with clear organization and consistent formatting demonstrating attention to detail. Many candidates use provided templates or develop custom formats during lab practice. Submission occurs through Offensive Security's upload portal, with confirmation emails providing peace of mind.

The 24-hour reporting deadline begins at exam completion, not VPN disconnection. This policy allows candidates to verify all screenshots and notes before ending exam access. However, no additional testing or access remains available during reporting. Successful time management allocates sufficient time for both exploitation and documentation. Many experienced candidates recommend stopping exploitation with 4-6 hours remaining to ensure quality reports.