PEN-200 REPORT TEMPLATES
The Penetration Testing Report Templates mentioned in the PEN-200 guide can be found here:
- https://www.offensive-security.com/PEN-200-online/PEN-200-REPORT.doc (Microsoft Word)
- https://www.offensive-security.com/PEN-200-online/PEN-200-REPORT.odt (OpenOffice/LibreOffice)
You are highly encouraged to use these report templates for the final documentation you submit to us.
HOW SHOULD I BE MANAGING THE DOCUMENTATION AND REPORTING IN PEN-200?
Every penetration tester will have their own style and preference of work flow and documentation. For this reason we allow some flexibility in the way students perform reporting.
We suggest the following course of action:
Treat both the lab network and exam network as penetration tests that you were hired to do. Use tools like basket/dradis/leo/keepnote to help you document important information as you work, and once you are ready with your results, complete the relevant documentation for the attack in the "final report". This way, you put your results down in the report while they are fresh in your mind.
In order to be awarded your OSCP certification, you must submit an exam penetration test report clearly demonstrating how you successfully achieved the certification exam objectives. You are also highly encouraged to submit a lab penetration test report as it can provide you with additional points towards your certification if you are lacking sufficient points needed to pass.
Report #1 - Penetration test Report of the PEN-200 labs
Report #2 - Penetration test Report of the OSCP Exam labs
The reports must be in PDF format and include screenshots and descriptions of your attacks and results.
DOCUMENTATION OF EXERCISES FOR THE FOLLOWING SECTIONS ARE NOT REQUIRED FOR PEN-200:
- The Kali Training Site
- HTTP Service
- dpkg
- Reverse Shell Scenario
- Recon-ng
- Client Fingerprinting
- Upgrading a Non-Interactive Shell
- Uploading Files with TFTP
- Standard Wordlists
- Brute Force Wordlists
- HTTP htaccess Attack with Medusa
- Remote Desktop Protocol Attack with Crowbar
- SSH Attack with THC-Hydra
- HTTP POST Attack with THC-Hydra
- Retrieving Password Hashes
- Password Cracking
- All Extra Miles exercises
IS THE LAB REPORT MANDATORY?
The short answer is "No". If you wish to earn the OSCP certification, the only mandatory report is the exam report. However, if you are lacking a small number of points needed to pass the certification exam, a lab report can help push you to a passing score so we highly recommend you submit both an exam and lab report.
HOW MANY MACHINES SHOULD THE LAB REPORT CONTAIN?
You must successfully compromise no less than ten (10) machines in the labs and document all of your steps as illustrated in the "Offensive Security Lab and Exam Penetration Report: Section 3 - Methodologies" template. You may choose to include more than 10 machines in your report, however this will not provide any additional points to your final exam score.
HOW MANY BONUS POINTS CAN I GET FOR SUBMITTING A LAB REPORT?
5 (five) bonus points may be earned by submitting your lab report and course exercises. In order to receive the bonus points, your documentation needs to follow the guidelines outlined at the OSCP Exam Guide.
IS AN EXAMPLE LAB REPORT AVAILABLE?
Yes! We have an example report available at https://www.offensive-security.com/PEN-200-online/PEN-200-Example-Report-v1.pdf