EH-Net
May 24, 2013, 05:11:20 PM *
  Show Posts
16  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: pen test documentation on: August 08, 2012, 06:59:00 PM
@jamie. I would use the template or engine for more than just pen testing, by the way. As a mechanical engineer, I will be writing reports probably weekly if not daily.

I think a reporting engine will be awesome for more than just pen test engineers.

As for collaborating, Google Docs is good at that. There is also a program like Google Docs but it can be run privately on a LAN for a business (though that doesn't help you, but still pretty cool).

@datadwarf. Dude, you didn't lead us astray, just gave some awesome info of what not to do. This forum totally reminds me of a Thomas Edison style forum. Try and try again until you succeed. I have found it is very important to take notes like Mr. Edison as well. If you get a chance to see some of his writings, you will be impressed. He wrote everything down and I mean everything.

17  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: pen test documentation on: August 07, 2012, 10:04:50 PM
Jamie, how you gonna do the report engine?

I'm interested in how that is going to work.
18  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: please shed some light on: August 07, 2012, 01:45:15 PM
I'm hoping it will. haha. The rules you have to follow for adding ACLs to routers are tough but writing them is pretty cool. I remember during my CCNA, it took me 45 minutes for one of the sims because it was soooo wicked hard. Advanced firewall config was the exercise. haha. Got 100% on security though.

I want to start a new thread for a new question but I am not sure when I should. haha. I want to discuss two firewall programs (entangle vs smoothwall) and how to add them to my vmplayer network for a lab. But I don't want to start too many threads.. haha. I want to learn how firewalls work and be able to use nmap against one and then read the logs and see what it is doing. Then I want to tighten security on the firewall and see if I can get past it to see if I can get access to de-ice 1.100

Thanks guys
19  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: pen test documentation on: August 07, 2012, 01:39:47 PM
That four letter word LAZY is the death of a lot of things in the business/work field. I am very guilty of this at times. I struggle with not getting bored. I have to be active all the time. I can focus like mad but I get stuff done and if it bores me, then I don't want to do it. haha.

Awesome info above. Thanks for that
20  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: please shed some light on: August 07, 2012, 11:28:27 AM
You do have a few options: you can get some cheap kit on eBay and set up a router. Or you could take a look at http://www.gns3.net/

I forgot to mention that I have real equip but no room. So I must go virtual. GNS3 was like Packet Tracer in its day. haha. It looks like you can run VirtualBox with it but not vmplayer. Dang it.
Thanks
21  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: pen test documentation on: August 07, 2012, 11:25:58 AM
Thanks for the info on the executive summary. My problem is I am a very detailed writer so flashy is my type. Now to learn how not to be flashy in the right moments.

@jamie.

That would be awesome. I have downloaded so many PDFs on how to write a technical report, it ain't funny. haha. It seems that APA style is the norm.

You could have a wiki page or Google Docs that only certain people can edit.

For standard's sake I think APA is great. But my biggest concern I have seen is unorganized screenshots of attacks and command line stuff.

In my mechanical engineering class, we were taught "that in order to make your CEO happy, show lots of organized pictures. Big bosses in business love pictures. They are pretty and fun to look at. Makes you feel special" so I think there should be a standard of how a body of pictures should be placed in the report AND easy to understand. IE proper names of x and y axis on graphs. I have seen some pen test reports where the x axis was the percentage but the y axis was just numbers from 0 - 20 with no title so people had no idea what the 75% at 11 meant. Was it that 11 of the scans showed 75% high risk or was it that it found 11 high risk cases and that that made up 75% of the total?

The hardest part: every professional out there, including you and I, thinks we are the best at writing a report. So collaborating and effectively communicating our ideas without stepping on toes, that's the hard part... oh and my spelling sux. haha
22  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: please shed some light on: August 07, 2012, 10:12:59 AM

If you're new to this, you should expect to struggle for the first few attempts. As you progress you'll start to learn what to look for and things will become a little easier. There will always be some degree of trial and error, especially when you get to more challenging machines, but there's no substitute for experience and lots of practice.

True. It is completely new to me. I went back and looked at my CCNA and CCNP Security and it was all packet filtering and port forwarding stuff. Nothing on how to attack a system. haha.

I want to learn to use nmap in an environment with routers and firewalls, but I'm not sure how to run those apps in a vmplayer, nor do I know what config settings should be configured on the firewall as well. IE, how secure should I configure it or how open. Wish there was a router/firewall challenge disk ISO.
23  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: please shed some light on: August 07, 2012, 03:26:28 AM
I mention to students they should try to be like surgeons, and conduct surgical strikes... but they come in carpet bombing the targets.  Grin But that comes with time.

Feel free to hit me up with any other questions you might have. Enjoy!

I can appreciate that since I am a pre-med student. Though I am not studying to be a surgeon, but rather the possibility to make surgical tools or biomenitic legs and arms for those who need them. OR possibly power generation. But my degree requires pre-med. haha.

I feel somewhat dumb in a way. I can't believe I struggle on level one. haha. There is no way I could have figured it out by myself without the movies. haha.

I do have to say that the ISSAF is a funny ol thing. It gives you ideas of what to do without telling you how, not all the time though. haha.

After this course I am doing, I will FINALLY get to my linuxcbt course I purchased 4 years ago. I got the security edition and the RHCT course as well. I took it in school and had to purchase the CBT. I completed the first course but not the other 2. So that is next. Just need to build a lab for it though. That's the hard part. They sent me a picture of what the VM environment should look like... holy crap it's complicated. hahaha

Thanks for the info.
24  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: pen test documentation on: August 06, 2012, 04:46:50 PM
Yeah, I didn't think about that part. haha. Yeah, I have decided to use those as my notes for research and then actually write a completely different report for the pen test. I figure in order for me to learn, I must document how the tools work for my sake and then perform the test and document the findings in a real report.

Thanks
25  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: please shed some light on: August 06, 2012, 04:42:05 PM
Awesome. That makes sense now. Ok so I was not just hearing things then. There is actually a 1.101 but it is only for student use. Ok cool. So since I do not have access to that, will 1.110 suffice for 1.101?

I am trying to follow the DVD videos first then read the book. I plan on writing my technical report so I can turn it in to my English professor as a grade. haha.

Thomas? Do you give a little demo or tour of the new online lab you have besides what's on the YouTube video?

It looks pretty cool what you are doing though. I wish when I was doing my CCNA and CCNP, we had something like this to help us out. haha.

Thanks for all the help. I like the book, but I need to read the ISSAF and follow the videos first before I understand the book. haha

Thanks
26  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: please shed some light on: August 03, 2012, 11:54:18 AM
Yeah, the videos might be slightly newer than the book or vice versa. The book goes along well with the labs and that's how I've been using them. I may fire that one up after I am done with my current read/lab combo.

So far I like it. I have found that I need to follow the videos first and the ISSAF before I read all of his book. Some of the concepts in the book are more advanced than what I am used to. I want to complete the de-ice lvl 1 first before I read the advanced material in his book. haha.

What read/lab combo you doing now?

Thanks
27  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: please shed some light on: August 02, 2012, 10:20:15 PM
Yeah, the ones that came with the book are 1.100 and 1.110, but in his videos he says attack the 1.101 target as your individual pen test project. He has his BackTrack set to 1.10. Here are my open and closed ports. UDP 53 is closed but the book gives a hint that it is actually open. haha. But netcat don't wanna connect to it using nc -u 192.168.1.100 53. Anyway, I assume the 1.101 is now 1.110

Code:
root@bt:~# nmap 192.168.1.100

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-08-02 23:14 EDT
Nmap scan report for 192.168.1.100
Host is up (0.00023s latency).
Not shown: 992 filtered ports
PORT    STATE  SERVICE
20/tcp  closed ftp-data
21/tcp  open   ftp
22/tcp  open   ssh
25/tcp  closed smtp
80/tcp  open   http
110/tcp open   pop3
143/tcp open   imap
443/tcp closed https
MAC Address: 00:0C:29:9A:56:D7 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 17.37 seconds
root@bt:~#

28  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: please shed some light on: August 02, 2012, 03:25:20 PM
If memory serves, there was a 101.1, I have the labs at home and can take a peek later on. There are some things that may no longer be valid since he has moved some of his material to HackingDojo.

Awesome. Yeah, some things must have changed because in the video his nmap scan of 1.100 shows port 25 open. Mine is closed. He creates a telnet session to port 25 to grab banners. haha.

Thanks
29  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: pen test documentation on: August 02, 2012, 11:45:22 AM
PERFECT. Ok, that's what I was thinking. The above was originally going to be from my hands-on exp portion as I follow along the movie for my actual pen test.

But after reading my notes, I felt like it was a tutorial rather than an actual document.

I have actually never written a technical report for anything haha so this will be new to me.

However, I can use part of the notes I have for the final report I bet.

Thanks guys

30  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: pen test documentation on: August 01, 2012, 11:18:00 PM

First one has a dead link in it and it looked like a good read. haha. I have read the other ones before but I did not find what I was looking for. I know the format using APA and what not. I'm just wondering if I'm supposed to explain what I did as if I was talking to a beginner in the networking world.

I'll read the second links again and see if I can find some more info.

Thanks

Matt
© 2013 The Ethical Hacker Network