Our great sponsors
-
OP here. These are screenshots of killchains I create for each machine writeup. Each killchain highlights steps I took to get flags. Colors highlight the 3 phases (enumeration, exploitation and privilege escalation) of killchain. These images were created using the writeup automation tool, named Svachal (http://github.com/7h3rAm/svachal). For more details, check the linked tweet and github repo https://github.com/7h3rAm/writeups. It includes TTPs, summaries and pdf/markdown writeups.
-
I combine this with machinescli to track/query machines metadata (platform, oscplike, owned, etc.). I also use phase-specific TTPs to tag and query writeups. This has helped me to create a knowledge base that is easy to search and shows tips/tricks I can reuse when needed. The TTPs to port/protocol/service mapping is another useful feature that helps when starting with a new machine to see what can be used from the knowledge base.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.