Hack for Show, Report for Dough

Presented at Wild West Hackin' Fest 2018, Oct. 25, 2018, 2 p.m. (50 minutes)

*"I'll hire a mediocre hacker who can *write* over an amazing exploit developer who can't."* The fun part of pentesting is the hacking. But the part that makes it a viable career is the report. You can develop the most amazing exploit for the most surprising vulnerability, but if you can't document it clearly for the people who need to fix it, then you're just having fun. Which is fine! But if you want to make a career out of it, your reports need to be as clear and useful as your hacks are awesome. This talk shows simple techniques you can use to make your reports clear, useful, and brief. You'll see some before-and-after examples of a bad report made good, with clear explanations of what makes the difference. Those things will be useful no matter what tools you use to create reports. Then, if we have time, we'll look at some Microsoft Word hacks that will save you time and improve consistency.

Presenters:

  • BB King - Black Hills Information Security
    Brian’s IT career started with telephone technical support, transitioned to supporting software dev toolkits, and eventually to leading a team focused on testing internal applications during corporate mergers. In 2008, he moved to information security, where he developed application security testing and reporting standards, before becoming a security analyst.
