Documentation & Reporting

Table of Contents


Start

  • [How I read a research paper](https://muratbuffalo.blogspot.com/2013/07/how-i-read-research-paper.html?m=1

Writing

Start with the first two links, and go from there. They’re both great resources to writing technical documentation, the first being a beginners guide and the second being a general guide that beginners can understand.

Other Materials:


Writing Reports


Meta


Penetration Testing Collaboration

  • Kvasir
    • Kvasir is a vulnerability / penetration testing data management system designed to help mitigate the issues found when performing team-based assessments. Kvasir does this by homogenizing data sources into a pre-defined structure.
  • Dradis
    • Dradis is an open source collaboration framework, tailored to InfoSec teams.
    • It can integrate with a lot of existing tools you probably are using if you're reading this.
  • Faraday
    • Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
  • Lair
    • Lair is a reactive attack collaboration framework and web application built with meteor.
  • Documenation Tools
    • CrScreenshotDxe
      • UEFI DXE driver to take screenshots from GOP-compatible graphic console
    • DART
      • DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.
    • Serpico
      • Serpico is a penetration testing report generation and collaboration tool. It was developed to cut down on the amount of time it takes to write a penetration testing report.
    • Vulnreport
      • Vulnreport is a platform for managing penetration tests and generating well-formatted, actionable findings reports without the normal overhead that takes up security engineer's time. The platform is built to support automation at every stage of the process and allow customization for whatever other systems you use as part of your pentesting process.

Video Recording/Recording

  • Open Broadcaster Software OBS
    • Open Broadcaster Software is free and open source software for video recording and live streaming.
    • Cross Platform, Windows/OsX/Linux
  • Cryptoshot
    • This application will make a screenshot of the desktop. If the desktop consists of multiple monitors, it should still work fine. However it has only been tested with a dual monitor setup. The windows project has the added functionality of sending the screenshot to a server of your choosing.
  • Record terminal sessions and have the ability to replay it
  • Pocuito
    • A tiny chrome extension to record and replay your web application proof-of-concepts. Replaying PoCs from bug tracker written steps is a pain most of the time, so just record the poc, distribute and replay it whenever necessary without much hassle.

De/Briefing/Presenting


Disclosure


Sample Documents