If you've been in the Red Team/Pentest game for a while, you know note taking is very important when meeting with customers. Whether the meetings are in-person or over a conference call, it's vital to record concise, accurate notes about their needs for a network security assessment. What I kept noticing was my notebooks would constantly fill up with the same bullet points and feedback, needlessly recording the same responses: Grey Box, Full-Spectrum, WebApp, Details Points of Contact (POCs), Infrastructure to test, IPs, Limitations, test accounts, Red Team data, Tasks... it was killing my time to focus during a meeting, not to mention all the dead whitespace. So I challenged myself to condense this recordkeeping into manageable sections that also allowed flexibility for recording customer requirements and tracking the progress of the various engagement milestones and tasks. This iterative process morphed into the Red Team Planner, and its simplistic style can very nearly record an entire engagement's lifecycle in only six small pages.
The six-page, structured "Engagement Template" is grouped by progressive stages throughout the pentest engagement. The pages use a no-frills, block-style design to maximize data tracking by grouping important topics. Also, the pages are arranged so that each opposing page is relevant to the topic or task at hand. Let's look at the first section of an Engagement Template for customer requirements and objectives.
Here you will notice each of the two opposing pages relates to customer data and not surprisingly is the first section. This makes it easy to write without having to flip the page to other sections. Also notice the check boxes for frequently recorded data points. Now just check the box which corresponds and save your ink. You have a good amount of space to record concisely and a little snippet of graph paper for freehand note taking like a quick network diagram.
The Team Data pages also oppose each other and allow for essential tracking of tasks, tools, infrastructure, and shared team accounts. Each task can be checked off with a "FIN" when completed and shows what team member was responsible. Tracking tools on a customer network is very important as well because at the commencement you need to clean up or point the customer in the direction to clean things left behind. Lastly, plenty of space was left for Infrastructure and Team Accounts. These could cover the Red Team's own personal accounts/infrastructure or various accounts/infrastructure acquired during the exploitation phase of the engagement. I pretty much left it open to the user to decide.
And finally we have the "Reports Data" to record all the findings and recommendations for the customer to take action. These sections can be added to periodically throughout an engagement as issues are found and solutions devised. A sheet of bullet paper was included as the last page so users can create their own freeform notes, tracking mechanism, or just doodle some thoughts.
In the back are 40 sheets of graph paper and bullet paper for other note taking adventures and a Contacts section for POCs and team member details.
I truly hope users find the Red Team Planner useful in their engagements. Many months of trial and error went into the composition of this planner, and I'm sure many more revisions will be made over time. I'm available for any feedback @netmux on corrections, enhancements, or suggestions on how to make the Red Team Planner even better. I look at this as an evolving planner that tries to simplify an engagement and let team members focus more on the security assessment task at hand. Hopefully I have accomplished this goal for many of you.