This is the most critical phase. If you miss a hidden directory or a misconfigured service during your scan (using tools like Nmap or GoBuster), you’ll hit a wall.

You learn to identify vulnerabilities and use tools like Metasploit (though its use is limited in the exam) or manual scripts to gain a foothold.

You have 23 hours and 45 minutes to complete the technical portion and another 24 hours to submit a professional-grade penetration testing report.