Documentation During Penetration Testing

Cyber Security Mastery: From Zero to Hero

The Art of Note-Taking

While finding vulnerabilities is exciting, if you don't document your steps, the entire engagement is worthless. Documentation is mandatory for ethical hacking.

Why Document?

  1. Repeatability: Allows the Blue Team (defenders) to replicate your steps to confirm the vulnerability and patch it.
  2. Scope Adherence: Proves you stayed within the legal bounds of the engagement.
  3. Traceability: If you crash a system, notes help trace back the action that caused the crash.

Essential Things to Record

  • Date and time of every scan and attempt.
  • Exact commands used (copy/paste from the terminal).
  • All intermediate results (Nmap output, web server responses).
  • Screenshots of successful exploitation steps.

Tool Note: Use tools like CherryTree, Joplin, or simply plain text files with a clear structure to save your findings during the engagement.
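
One way to capture the items listed under "Essential Things to Record" in a structured text file, as an added example that is not part of the original course material. The names NOTES_FILE, logrun and quote_args, the entry layout and the sample label are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the course): POSIX sh helpers for engagement notes.
# NOTES_FILE, logrun and quote_args are hypothetical names chosen here.
NOTES_FILE="${NOTES_FILE:-./engagement-notes.md}"

# Re-quote each argument in single quotes so the recorded command line
# can be pasted back into a shell and re-run exactly as it was executed.
quote_args() {
    for arg in "$@"; do
        printf "'%s' " "$(printf '%s' "$arg" | sed "s/'/'\\\\''/g")"
    done
}

# logrun LABEL COMMAND [ARGS...]
# Runs COMMAND, then appends one entry to NOTES_FILE holding the UTC start
# time, operator, exact command line, exit status and full output.
# The body is a subshell ( ... ) so its variables stay local.
logrun() (
    label=$1
    shift
    started=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    cmdline=$(quote_args "$@")
    # Capture stdout and stderr together; keep the real exit status.
    out=$("$@" 2>&1) && status=0 || status=$?
    {
        printf '## %s | %s\n' "$started" "$label"
        printf 'operator: %s@%s\n' "${USER:-unknown}" "$(uname -n)"
        printf 'command:  %s\n' "${cmdline% }"
        printf 'exit:     %s\n' "$status"
        printf 'output:\n'
        printf '%s\n' "$out" | sed 's/^/    /'
        printf '\n'
    } >> "$NOTES_FILE"
    printf '%s\n' "$out"      # still show the output on the terminal
    exit "$status"            # pass the command's status to the caller
)

# Usage (constructed label and a harmless command):
#   logrun "lab-host-01 (in scope)" uname -a
```

Because every entry is appended with a UTC timestamp and the exit status, the notes file also serves the traceability purpose above: if a system misbehaves, the last entries show which action preceded it.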