Attacking Common Applications - Gitlab

I am working on Attacking GitLab and seem to be stuck on this question:

Find another valid user on the target GitLab instance.

I have used nearly all the SecLists for usernames, and am currently burning through rockyou, but it is not providing very different results.

Has anyone found a wordlist that works with this question? I already did the second question and found the flag but can’t seem to find an additional user that is accepted.


Although any word can be used as a username or a password, RockYou is a wordlist of compromised passwords. You should loop through usernames, not passwords.

Appreciate the reply.

What I found out was that I had already found the correct user in my output, utilizing one of the other SecLists, but going back to earlier training sessions I did not use the output to look for possible variations. :stuck_out_tongue_winking_eye:

RockYou was a last-ditch effort because none of the other lists appeared to provide what I needed.

Live and learn, I guess.


Good job! Now you know better! :slight_smile:

In my opinion, the scope to write the username in the answer in capital letters is a bit off from the real scope of the subject of enumerating the username. Anyway, for the others, keep in mind that yes, you should use a big list in the directory shown in the module, and you have to write it in capital letters for the first response.

Feel free to message me if you need help.

So you are saying that the enumerated username is supposed to be all caps, capital letters, like ‘USERNAME’, is that correct?
Or do you mean just the first letter capitalized? Like: ‘Name’.
If yes, how do you know? From the section, the enumerated users by the author/mrb3n are: “root, bob”, which are both lowercase.
From all the experience I had with other modules, they usually don’t drift off too far.
So password mutation is the real task here, am I correct?

Regardless, thanks for the hints.

Alright, I found the answer thanks to a tip from another forum post.

TL;DR

  • Check the hint, and the username is in one of the lists that are in this directory, not in one of the sub-directories. It’s not one of the biggest, but certainly one of the bigger ones.

GL and leave a reply if you are still struggling.