Note taking on-the-go

This document notes down the main flow of note taking during a pentesting engagement. It includes the main sections and information to note down while interacting with the system.

As adapted from https://jarrettgxz-sec.gitbook.io/offensive-security-concepts/professional-report-writing/oscp/report-layout

Google Documents

Note that Google docs allows a maximum of 3 nested layer tabs

Main tabs

1

Information gathering (passive reconnaissance)

a) Ports/services found

  • 80/443 ~ HTTP(S)

  • 53 ~ DNS

  • ...

b) ...

2

Enumeration (active reconnaissance) ...

3

Initial access/foothold

4

Post exploitation

5

Persistence

6

Exfiltration

PreviousReport layoutNextPractice

Last updated