Oswe Exam Report: Work

### 2.3 Screenshot Workflow
Nothing slows down OSWE exam report work like bad screenshot hygiene.


Let’s break down the single most important unit of your OSWE exam report work: the vulnerability entry. oswe exam report work
| Time | Activity | Report Status |
| :--- | :--- | :--- |
| Hour 1-2 | Enumerate codebase, map input points (forms, cookies, API params) | Create empty sections for each app |
| Hour 3-6 | Find first vulnerability chain | Draft PoC + code snippet immediately |
| Hour 7-12 | Exploit to get RCE or auth bypass | Write exploitation steps while it's fresh |
| Hour 13-18 | Second application | Same process |
| Hour 19-22 | Privilege escalation or second vector | Add to report |
| Hour 22-24 | STOP EXPLOITING – Polish report | Verify screenshots, code snippets, PoCs |
| Hour 24-48 | Sleep, re-test, submit | Final proofread | Robots
Critical rule: Write the report as you hack. Do not leave notes for later. You will forget the exact line number. Let’s break down the single most important unit
Offensive Security is ruthless about one thing: reproducibility. If you claim a vulnerability exists, you must prove it. For the OSWE, that means every vulnerability must have:

Remember: If your exploit works on your local VM but you forgot to capture the terminal output in the report, it did not happen.