7MS #358: 4 Ways to Write a Better Pentest Report
7 Minute Security16 Apr 2019

7MS #358: 4 Ways to Write a Better Pentest Report

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free!

This week we're talking about everybody's favorite topic: REPORT WRITING! Yay! The peasants rejoice! In the last few months I've seen a lot of reports from other companies, and here are a few key problems I see with them:

  1. Too long - overall these things are waaAAaAaaAayyyYYYYYYyyy too long. I see reports where the analyst has copied and pasted an entire Nessus report into the main report. Yikes. That makes these things weigh in at hundreds(!) of pages.
  2. Too techie - these reports look like their written from one techie to another. Nothing wrong with that, really, however in many cases the key person that needs to "get it" is a manager or C-level position who needs to understand the risks in plain English.
  3. No narrative - the reports are just a long laundry list of vulnerabilities without any context of how the pentest was conducted or which vulns should be fixed first.
  4. Weak remediation - most of the findings are accompanied by whatever remediation instructions are provided by the vuln-scanner or other tool. We can do better than this!

How? Listen to today's episode :-).

Oh, and don't forget to come to the next 7MS User Group meeting on Monday, April 22! Details here!

Avsnitt(688)

7MS #255: PwnPro 101

7MS #255: PwnPro 101

I'm kicking the tires on the PwnPro which is an all-in-one wired, wireless and Bluetooth assessment and pentesting tool. Upon getting plugged into a network, it peers with a cloud portal and lets you assess and pentest from the comfort of your jammies back at your house! Oh, and did I mention it runs Kali on the back end? Delicious. Today's episode dives into some of what I've been learning about the PwnPro as I run it through its paces at work and warm it up for our first customer assessment...

27 Apr 201710min

7MS #254: Bash Bunny

7MS #254: Bash Bunny

I've been working with the Bash Bunny for the past few weeks in preparation for a presentation/demo I'm doing in a few weeks. Today I want to talk about what the Bunny is, the cool things it can do, and some of my favorite payloads. Also, I started thinking about what conversation topics spawn from a demo of the Bunny. Specifically, I want to know how people would defend against the Bunny using AD policies, peripheral controls, etc. Check out the Hak5 thread I started about this, as it has got some great ideas.

20 Apr 201710min

7MS #253: Desperately Seeking Service Accounts

7MS #253: Desperately Seeking Service Accounts

Find the show notes here!

13 Apr 20179min

7MS #252: LAPS - Local Administrator Password Solution

7MS #252: LAPS - Local Administrator Password Solution

Show notes are here.

6 Apr 20178min

7MS #251: Blackholing Malvertising with Pi-Hole

7MS #251: Blackholing Malvertising with Pi-Hole

Show notes are here

30 Mars 201710min

7MS #250: The PBS Telethon Episode!

7MS #250: The PBS Telethon Episode!

Show notes for today's episode can be found here!

23 Mars 201710min

7MS #249: AlienVault Certified Security Engineer - Part 1

7MS #249: AlienVault Certified Security Engineer - Part 1

Show notes are here.

16 Mars 20179min

7MS #248: How to Hack the 10 O'clock News

7MS #248: How to Hack the 10 O'clock News

Show notes are here.

9 Mars 201711min

Populärt inom Politik & nyheter

svenska-fall
p3-krim
svd-dokumentara-berattelser-2
rss-viva-fotboll
flashback-forever
rss-sanning-konsekvens
aftonbladet-daily
rss-vad-fan-hande
olyckan-inifran
motiv
dagens-eko
fordomspodden
krimmagasinet
rss-frandfors-horna
rss-krimstad
rss-krimreportrarna
svd-nyhetsartiklar
blenda-2
kungligt
svd-ledarredaktionen