You got SYSTEM on a Windows box but forgot to screenshot proof.txt in an interactive shell. What’s the scoring risk?
High risk of zero points for that target: proof must be shown in a screenshot via cat/type from original location.
You retrieved proof.txt via a web-based shell and pasted it into notes. Is that acceptable?
No—OffSec requires proof shown via an interactive shell with cat/type from original location; web shells can be zero points.
You found an exploit online and ran it unmodified. What belongs in your report?
The URL/source of the exploit, not the full unmodified code.
You modified an exploit to work. What should you include?
Modified code + original URL + highlight changes + explain why changes were made.
You are stuck 3 hours on one host with no foothold. Best next step?
Timebox: pivot to another host or new vector, then return later with fresh recon.
Your notes have commands but no console output. What is the risk?
Insufficient documentation can reduce/zero points because steps must be replicable with evidence.
You have a root shell on Linux but as a different user than expected. What determines full points?
Root shell requirement (Linux) plus proof screenshot from original location.
You forgot which exact payload/port you used for reverse shell. How do you prevent this?
Record every command/parameter and keep a per-host timeline in notes.
You want to use an automated tool that might perform restricted actions. What’s best practice?
Check OffSec exam restrictions; if unsure, don’t run it during exam and use manual methods.
You solved all objectives but report is incomplete. Can you pass?
Maybe not—documentation is strictly graded; missing required screenshots/steps can cost points.
You copied sensitive exploit code blocks into the report that you didn’t modify. What should you do?
Remove unmodified code and replace with the exploit URL/reference.
You plan to use ChatGPT during the live exam to draft commands. Is that allowed?
No—OffSec states AI chatbots/LLMs with direct prompt access aren’t permitted during the active exam.
You’re unsure whether to continue after the exam time ends. What’s correct?
Stop when the proctored exam time ends; then use the report submission window to write the PDF report.
