Disclaimer: This article is based on publicly available exam write-ups, OffSec documentation, and community reviews. It does not disclose any content that violates Offensive Security’s Non-Disclosure Agreement.
While Soapbx and Akount are the exam machines, the OSWE training material (WEB-300) covers many other vulnerabilities and techniques that candidates must master before the exam: soapbx oswe
Before we dive into SoapBX specifically, we must understand the battleground. Disclaimer: This article is based on publicly available
To earn the OSWE, a candidate must pass a proctored exam that simulates a live network inside a private VPN. The exam duration is , and once it concludes, the candidate has an additional 24 hours to submit a professional penetration test report that documents every step, command, and exploit used. The report is just as critical as the exploitation itself: missing screenshots or insufficient detail can result in partial or zero points. To earn the OSWE, a candidate must pass