Exam-Day Workflow (2026)
- Build a strict recon -> validate -> exploit -> prove impact -> report loop.
- Record every command/output pair with timestamps.
- Keep fallback paths for each objective.
- Use indicative timelines: first pass discovery, second pass depth, final pass report polish.
- Validate findings twice before documenting business impact.
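
One way to keep the timestamped command/output record called for in the workflow list above. This is an added example, not part of the original checklist; the `logrun` and `_sha256` function names and the `EVIDENCE_LOG` path are assumptions chosen for illustration.

```shell
# Added example: append every command, its exit code and its output to an
# evidence log with UTC timestamps. All names here are illustrative assumptions.
EVIDENCE_LOG="${EVIDENCE_LOG:-./evidence.log}"

# Hash stdin with whichever SHA-256 tool is installed.
_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum
    else
        shasum -a 256
    fi | cut -d' ' -f1
}

# Usage: logrun <command> [args...]
logrun() {
    _start="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    # Capture stdout and stderr together so the log matches what the terminal
    # showed. The && / || form keeps a failing command from aborting the
    # session when 'set -e' is active.
    _out="$("$@" 2>&1)" && _rc=0 || _rc=$?
    _end="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    # The digest covers the captured output (trailing newlines are stripped by
    # the shell), so an excerpt pasted into the report can be tied to the log.
    _digest="$(printf '%s' "$_out" | _sha256)"
    {
        printf '=== %s ===\n' "$_start"
        # "$*" flattens argument quoting; it records what ran, not a
        # copy-paste-safe command line.
        printf 'cmd:    %s\n' "$*"
        printf 'exit:   %s\n' "$_rc"
        printf 'end:    %s\n' "$_end"
        printf 'sha256: %s\n' "$_digest"
        printf -- '--- output ---\n%s\n\n' "$_out"
    } >> "$EVIDENCE_LOG"
    # Show the output on the terminal and preserve the original exit code,
    # so logrun can be dropped in front of any command.
    printf '%s\n' "$_out"
    return "$_rc"
}
```

Prefixing a command with `logrun` leaves its terminal output and exit code unchanged while the log accumulates one timestamped entry per run.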
Reporting Checklist
- Executive risk summary per objective/domain
- Technical evidence (request/response, command output, screenshots)
- Reproduction steps with minimal ambiguity
- Clear remediation with priority and owner suggestions
- Retest guidance and residual risk notes