Clone of https://github.com/rmusser01/Infosec_Reference . For those who would prefer to not be tracked by MS.

## Documentation & Reporting

For writing technical documentation.

##### TOC

[HowTo: Write pentest reports the easy way](http://blog.dornea.nu/2014/05/20/howto-write-pentest-reports-the-easy-way/)

### Penetration Testing &/ Collaboration Tools

Kvasir

  • Kvasir is a vulnerability / penetration testing data management system designed to help mitigate the issues found when performing team-based assessments. Kvasir does this by homogenizing data sources into a pre-defined structure. Currently the following sources are supported:

Dradis

  • Dradis is an open source collaboration framework, tailored to InfoSec teams.
  • It can integrate with a lot of existing tools you probably are using if you're reading this.

Faraday

  • Faraday introduces a new concept, the Integrated Penetration-Test Environment (IPE): a multiuser penetration test IDE. It is designed for distribution, indexation and analysis of the data generated during a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Lair

  • Lair is a reactive attack collaboration framework and web application built with Meteor.

### Writing

Start with the first two links, and go from there. They're both great resources for writing technical documentation, the first being a beginner's guide and the second being a general guide that beginners can understand.

A beginners guide to writing documentation

Teach, Don’t Tell

Other Materials:

Three-parter from jacobian.org:

[Writing Types of User Documentation](https://en.wikiversity.org/wiki/Technical_writing_Types_of_User_Documentation)

The 7 Rules for Writing World Class Technical Documentation

### Writing Reports

Penetration tests done by Cure53; good examples of how a report should be done.

Offensive Security 2013 Demo report

Writing a Penetration Testing Report by SANS

Excellent blog post breaking down the various parts of a report; a must-read

Report Template from vulnerabilityassessment.co.uk

Penetration Testing Execution Standard section on Reporting

security-assessment-rfp-cheat-sheet

Tips for Creating an Information Security Assessment Report Cheat Sheet

SANS InfoSec Policy Templates

### Meta

What is Markdown?

Using markdown

Markdown Syntax

Markdown basics

Mastering Markdown

### Video Recording

Open Broadcaster Software (OBS)

  • Open Broadcaster Software is free and open source software for video recording and live streaming.
  • Cross-platform: Windows/OS X/Linux