Report Daily
Run SnakeScan
Proofread
Double Spaces are Evil
Be Consistent
100

You should do this every day!

What is report findings and today's narrative 

100

Do this before handing in your report!

What is Proofread!!!!!!

100

This should be checked to confirm the clients full name

What is the SOW?

100

Make sure these Active Directory types are always lowercase

What is users? Example domain administrator

100

These are the fonts for program names vs program filename 

What is 

Normal "Notepad" 

Consolas Notepad.exe

200

The "i" in this word should always be capitalized

What is "Internet"?
200

The passive version of this statement is "During the workshops, concerns were expressed regarding the client’s non-segmented network." 

What is "During the workshops, Mandiant expressed concerns regarding the client’s non-segmented network."

200

The most important thing in every report

What is consistency?

200

How should group names be formatted

What is code format (consolas) and capitalized?

Domain Admins

200

Tools should be in ___ font NOT ___

what is normal NOT code (consolas)

300

The proper way to format acronyms the first time they are mentioned

What is full title ("acronym")?

300

The proper capitalization and format of Active Directory users

What is DOMAIN\username?

300

The proper steps for running SnakeScan

What are:

Update SnakeScan

Run PlexTrac Rules

Insert Footnotes 

Write report 

Run SnakeScan again

300

The passive version of this statement is "Multifactor authentication is recommended by Mandiant as a good security practice. "

What is "Mandiant recommends multifactor authentication as a good security practice "

300

Protocols should be in this font/format


What is all caps normal text (HTTPS, HTTP, etc.)

400

This parentheses enclosed noun should not be included in finding titles 

What is acronyms that define?

Example Server Message Block ("SMB") Enabled vs Server Message Block Enabled

400

Name at least 5 ways to say "as shown in Fig"

What is:

As demonstrated in

Fig points out

Fig highlights 

Fig shows

As you can observe in Fig 

400

You should always order these by criticality 

What are findings and strengths/weaknesses?

400

 “Implement stronger password policies” is a bad finding title because it is ___ not ____

What is a recommendation not a vulnerability?

Should be "Insufficient Password Complexity" 

400

A footnote should contain this and no other text

What is a link to the reference? 

500

Which word in the finding's title should be capitalized?

What is all the words except (with, in, for, to, etc.)?Source: PlexTrac Finding Review

500

Code style (consolas) should be applied to these 7 items

What is: 

Hostnames

URL

IP addresses

Usernames

Affected scope

Group Names 

Commands 

500

You should do more of this in your life and less in your reports 

What is "run" on sentences?

500

The passive version of this statement is "PowerView was ran to enumerate Active Directory"

What is "Mandiant used PowerView to enumerate Active Directory"

500

Actions, fields, content, etc. protocols use/send should be in this font

What is consolas?

M
e
n
u