Report Daily
You should do this every day!
What is report findings and today's narrative
Do this before handing in your report!
What is Proofread!!!!!!
This should be checked to confirm the clients full name
What is the SOW?
Make sure these Active Directory types are always lowercase
What is users? Example domain administrator
These are the fonts for program names vs program filename
What is
Normal "Notepad"
Consolas Notepad.exe
The "i" in this word should always be capitalized
The passive version of this statement is "During the workshops, concerns were expressed regarding the client’s non-segmented network."
What is "During the workshops, Mandiant expressed concerns regarding the client’s non-segmented network."
The most important thing in every report
What is consistency?
How should group names be formatted
What is code format (consolas) and capitalized?
Domain Admins
Tools should be in ___ font NOT ___
what is normal NOT code (consolas)
The proper way to format acronyms the first time they are mentioned
What is full title ("acronym")?
The proper capitalization and format of Active Directory users
What is DOMAIN\username?
The proper steps for running SnakeScan
What are:
Update SnakeScan
Run PlexTrac Rules
Insert Footnotes
Write report
Run SnakeScan again
The passive version of this statement is "Multifactor authentication is recommended by Mandiant as a good security practice. "
What is "Mandiant recommends multifactor authentication as a good security practice "
Protocols should be in this font/format
What is all caps normal text (HTTPS, HTTP, etc.)
This parentheses enclosed noun should not be included in finding titles
What is acronyms that define?
Example Server Message Block ("SMB") Enabled vs Server Message Block Enabled
Name at least 5 ways to say "as shown in Fig"
What is:
As demonstrated in
Fig points out
Fig highlights
Fig shows
As you can observe in Fig
You should always order these by criticality
What are findings and strengths/weaknesses?
“Implement stronger password policies” is a bad finding title because it is ___ not ____
What is a recommendation not a vulnerability?
Should be "Insufficient Password Complexity"
A footnote should contain this and no other text
What is a link to the reference?
Which word in the finding's title should be capitalized?
What is all the words except (with, in, for, to, etc.)?Source: PlexTrac Finding Review
Code style (consolas) should be applied to these 7 items
What is:
Hostnames
URL
IP addresses
Usernames
Affected scope
Group Names
Commands
You should do more of this in your life and less in your reports
What is "run" on sentences?
The passive version of this statement is "PowerView was ran to enumerate Active Directory"
What is "Mandiant used PowerView to enumerate Active Directory"
Actions, fields, content, etc. protocols use/send should be in this font
What is consolas?