This class is a distillation of what I’ve learned in my pentesting career about how to create a report that is both easy to read and hard to misunderstand. I will help you develop habits and support materials that simplify the work of reporting so you can get better results with less effort. Ask anyone who signs the checks which is worth more: a clear and actionable report from a tester with average technical skills, detailing how vulnerabilities were found and exploited, showing the impact of those exploits, and making concrete recommendations for improvement? Or a hastily-assembled list of compromised systems, thrown together by an elite hacker in the last hour of the contract after running a rampage through your networks? If you want to set yourself apart, work on your reporting skills. The hacks are ephemeral. The report lives forever. The hacks are fun – and they require your constant effort to keep current. The reporting is what makes this all a viable career – and once you know how to produce a good one, you can apply that skill endlessly as the computing world changes around you. This course helps you know what makes a good report good. It discusses the reporting mindset, and the foundational principles that always lead to a report you can be proud of, regardless of the tools you use for the test or for writing the report. We will look at some real reports as examples, and work together on ways to improve in the areas that are most important, as well as those that are most commonly neglected.
