I recently completed the PORP exam and wanted to put together a spoiler free post for anyone considering it.
This is not going to be a breakdown of scenarios, answers, or shortcuts. I am not interested in helping people cheat their way through a practical OSINT certification. What I do want to do is set expectations properly, because I think that alone would help a lot of people.
The short version is this: the exam is very doable, but it is not casual.
It is long, it is demanding, and it rewards people who can stay organized and write clearly under pressure. If you go into it thinking this will feel like a few simple training labs stitched together, you are probably going to have a rough time.
Expect a marathon, not a sprint
The biggest thing I would tell anyone is to respect the endurance factor.
This exam took over my weekend and then some. It is not just an OSINT challenge. It is also a reporting challenge, a time management challenge, and honestly a stamina challenge. You are not only finding answers. You are building a professional deliverable while the clock is running.
If you already work investigations, this will probably feel familiar. Not because the exact scenarios mirror real cases one for one, but because the workflow does. You are collecting leads, validating them, discarding bad ones, preserving evidence, and then turning that into something defensible. That is the real game.
If your plan is to start the exam with no structure and just freestyle your way through it, I would strongly advise against that.
The training helps, but the exam feels harder
I thought the training was fine. It gave useful exposure to OSINT basics and introduced good tools and workflows. I do not think it was bad. But I do think people should know that the exam felt materially harder than the training content.
That is not necessarily a criticism. In a practical OSINT exam, being able to search, pivot, adapt, and figure things out when the obvious path is not working is part of the skill set. Still, I was surprised by how large the gap felt.
The training scenarios were much more straightforward. The exam required more persistence, more careful validation, and far more documentation than I think some people may expect. The research is only one part of the work. The writeup is a major part of the effort too.
Your report matters as much as your answers
Treat PORP as a reporting exam just as much as an OSINT exam.
A good answer with weak documentation is not nearly as strong as people think. If you found something important but cannot explain how you found it, why you trust it, what corroborates it, and where the uncertainty is, then your work is weaker than it should be.
Before you start, have a reporting structure in mind. Know how you are going to organize findings. Know how you are going to handle screenshots. Know how you are going to keep sources straight. Know how you are going to separate raw lead generation from final supported conclusions.
The more disciplined you are with documentation early, the less pain you create for yourself later.
Corroboration is everything
One of the easiest ways to hurt yourself in OSINT is to stop at the first plausible answer.
Do not do that here.
If you think you found the right lead, pressure test it. Cross check it. Compare it against another source. Validate the timeline. Confirm the image. Check the metadata. Try to prove yourself wrong before you lock it in.
That mindset is what separates decent OSINT from strong OSINT. A lot of the exam felt less like finding a clever trick and more like building enough support behind a conclusion that you can actually stand behind it.
Build your workflow before the clock starts
Have your environment ready.
Have your browser bookmarks ready. Have your writing template ready. Have your screenshot and file naming process ready. Have a basic plan for how you are going to track sources and evidence. Do not burn valuable exam time deciding how to format headings or where to store captures.
This sounds boring, but boring preparation is what keeps a practical exam from becoming chaos.
Even something as simple as using a consistent structure for each finding can help a lot. A clean flow like objective, conclusion, confidence, method, evidence, and sources makes it much easier to keep the report coherent once it starts getting large.
Watch the file size
This is the kind of advice people usually remember too late.
Keep an eye on your document size while you are working. The maximum upload size is 200 MB, and my final report came in at just over 110 MB. If you are taking a lot of screenshots and embedding a lot of images, that file can grow faster than you expect. Your writing platform, image handling, and compression settings all matter more than you think.
This is not the glamorous part of the exam, but it is part of practical exam hygiene. You do not want to finish a huge report and then realize you created an avoidable submission problem for yourself.
Leave buffer time at the end
Do not plan to finish at the last possible minute.
Give yourself time to review. Give yourself time to clean up wording. Give yourself time to make sure your screenshots are where they need to be, your conclusions actually match your evidence, and your sources are in order.
There is a big difference between solving a problem and packaging it well. That last review pass matters.
The people who usually get burned on practical exams are not always the ones who lacked technical skill. Sometimes they just mismanaged the clock.
A note on support expectations
One practical risk management point I think is worth stating plainly: go into the exam assuming you may need to operate fully independently.
In my experience, I sent an exam related support question early in the attempt, followed up, and also tried to get visibility through Discord. I did not receive a useful answer in time, and the overall support experience felt unprofessional. I also learned there was no meaningful feedback beyond pass or fail, which is disappointing for an exam that requires this much work.
That does not change the fact that I found the exam valuable. It does mean I would strongly recommend reading the rules carefully, avoiding gray area decisions, and planning as though no clarification is coming mid attempt.
That is just practical risk management.
Final thoughts
Overall, I am glad I did PORP.
It was exhausting, but it was also rewarding. It did not feel like a gimmicky CTF. It felt much closer to actual investigative work, which is what I wanted out of it in the first place. It forced me to think carefully, document clearly, validate harder, and keep going when the work got tedious.
That kind of experience has value.
If you are considering the exam, my advice is simple: respect the time, respect the reporting, respect corroboration, and respect the endurance factor. If you do that, you will give yourself a much better shot than someone who treats it like a casual weekend challenge.
And if you go for it, do yourself one favor before the timer starts.
Get your workflow squared away first.