Epilogue

We know that not everyone will have the time to read through every single interview, so we condensed some commonly answered questions here and ranked them in order from least number of times mentioned to most number of times mentioned. We hope you learned as much about red teaming as we did!

What are some tips on writing a good report?

  • Answer follow-up questions promptly. Gather feedback from your customers and make a note for your next report.
  • Highlight areas where the customer performed well; compliment the client on as many positives as possible.
  • Have someone double-check your spelling and grammar. Collaborate on the report with your peers and clients.
  • Use a standard template for your reports and develop style guides. Remember to sanitize everything in the deck.
  • Reframe your mind-set to view reporting as valuable. Use it as an opportunity to market yourself and set yourself apart.
  • Stick to the facts. Tell the truth. Be brave and be willing to admit if you didn’t find anything. It’s okay to be embarrassed, but don’t work past the contracted time just to see if you can finally “pop that shell.”
  • Put all technical data in the appendix. Have a “Findings” summary/glossary. Provide references to CVEs or technical guides.
  • Make your report engaging, as if you’re telling a story. Show how much work went into your engagement, and possibly inspire others to go into security.
  • Take notes as you test; write/take screenshots as you move along. Don’t worry about details and formatting ...

Get Tribe of Hackers Red Team now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.