June 27, 2013 at 6:59 pm #8502jrdotyParticipant
I’m looking for a good note taking program for pen testing and other research. What do people use? What does offensive security classes use for their reports? I’ve read reviews of PWB reports being so long with notes and screenshots but what are they using.
I’m partial to pen and paper due to the increased flexibility of it. However as I have begun to learn pen testing and now I do malware research pen and paper has many drawbacks.
I need the ability to copy and paste (long urls, data, etc.) Screenshots are a must. It would be nice if it was cross platform and I could sync them. And of course searching which you can’t do with pen and paper.
I’ve tried onenote but it’s only windows. Evernote but I didn’t like it much. I’ve used basecamp a little bit but I”m not sure if I like it. I’ve played with programs like Dradis but that is strickly pen testing. I’d like to use this for my malware research as well.
Does anyone have a good flexibly program for note taking?
June 27, 2013 at 7:22 pm #53185ziggy_567Participant
I user Evernote for personal research and note taking. I don’t use it for client engagements since it is a “Cloud” service and my ROE’s generally state that I won’t store their data on a third-party system.
For client engagements, I generally use pen and paper, notepad, and Win 7’s Snipping Tool.
June 27, 2013 at 7:55 pm #53186
June 27, 2013 at 11:15 pm #53187Phillip WylieParticipant
I also like Evernote for keeping general notes, but I also don’t use it for client info during pentests.
I used Keepnote during the OSCP course and it did work well, so it would be a good solution for stuff you don’t want in the cloud. But with stuff like general notes that you don’t mind storing in the cloud Evernote is a better choice in my opinion. You can access it with a smartphone, PC or Mac.
June 28, 2013 at 3:04 am #53188unicitydParticipant
I’m a manager not a pen tester so my needs may be different. I still do some pen and paper note taking, but I’m trying to get away from it. I always end up with stacks of unorganized notes and I can’t get to them if I’m not in the office. Lately, I’ve been using OneNote for my meeting notes and ToDo lists.
For projects, I don’t limit myself to one program. If I’m not going to store confidential information, I create a folder on my SkyDrive. Otherwise, I store locally or on our LAN. I keep notes and documentation in Word. I use the Snipping Tool and MS Paint to take and modify screenshots. I use Excel for tables, data reports, etc. Google Apps are great if you want to be able to work outside of Windows, but not so great for confidential client data 🙁 OpenOffice may suit your needs, but I haven’t used it in years.
June 28, 2013 at 9:48 am #53189UKSecurityGuyParticipant
The SANS SEC560: Network Penetration Testing and Ethical Hacking course recommends MediaWiki, Dradis or MagicTree for taking notes.
Personally I use a mixture of notepad and folder structures for keeping information in at the moment, as it means I can copy/open the information on any machine I’m on.
June 28, 2013 at 12:33 pm #53190n37sh@rkParticipant
I use a mixture of Evernote for personal information and pics with a vague description for IT support but not pen testing I use more ms snipping tool and storage to a local LAN or encrypted drive for confidential info. MS word and open office work well for me when needed. I do still use pen and paper to scribble something down quick just to go back to a jog my memory when i’m writing the full notes.
July 10, 2013 at 6:30 pm #53191rattisParticipant
I’m a little late to the party, but for the research I do, I prefer Zim Desktop Wiki. It’s a personal wiki, with a nice tree on the side to make it easier to find things.
Screen shots and copy paste aren’t a problem. It’s cross platform.
I’ve had good luck taking the information in it and plugging it in to IBM’s I2 analyst notebook and maltego.
You must be logged in to reply to this topic.