Anytime I work on a project I take some kind of notes. Sometimes the notes are simple, but other times, the material I am working with can get somewhat involved and I need to take good notes to keep track of things. This is very much the case when doing security testing/penetration testing, security research, etc.

I am always looking to improve and to become more efficient at what I am doing, and taking better notes, I think, can help us out throughout the project and in the future. A lot of the times, there is some kind of report involved and this notes (especially if we took some good notes :)) are a big help when writing the report. I have found most of the time, that if I have good notes writing the report is more of a breeze than a chore. This notes also allow you to come back to something you found in another assessment that can help you in your next one. I don’t know about you, but I don’t like doing things twice if I can help it, and doing research on something I already know I have done in the past seems a bit of a waste of time! This is why taking good notes can make a big difference and I see a lot of good value in taking good notes.

I found this article in pentesterlab.com with a simple guide and some good points of important details to include and a basic idea of how to organize your notes:

https://blog.pentesterlab.com/keeping-notes-during-a-pentest-security-assessment-code-review-7e6db8091a66

Another thing I would like to discuss is tools and how to do we track these notes? We worked hard to put them together in an organized format so that we can get refer to them later, but it does us no good if they get accidentally deleted or lost somehow.

I have used a variety of tools over the years. From simple notepad as well as  notepad++,  vim, Cherrytree, OneNote, Evernote(very briefly), and Google Docs. To keep track of the notes (storage) ,I have used OneDrive, Google Drive, and Git (GitHub, GitLab, BitBucket). There is a couple tools here that have an advantage on the storage fronts, those are OneNote, Evernote and Google Docs. They really kill two birds with one stone! They are a note taking application and they also sync to the cloud in the background, making it for easier book keeping.

I liked the way that you could structure things in Cherrytree and I ended up using for a good while, but then I went back to OneNote and have not looked back. I have found it to be a pretty good tool overall, although I do find it missing some features that I would like to have. The way you can structure your notes works pretty good for me, you can have groups, sections and under each section, pages. Some of the features I wished it had, is markdown support and being able to insert code snippets. For multi platform support you can use the browser, but that can be a blocker for some, especially if there is no internet connection. I have rarely found that situation, but I suppose you could use some other editor and then copy and paste on OneNote when you reconnect. I also work mostly only Windows now days, especially with WSL2, it makes it a lot easier to do things without firing up an actual VM. However, if you are strictly working from Linux, than your mileage may vary.

I hope you found this helpful, I just wanted to share some insights about note taking that may help someone :)

Picture provided by Vecteezy.com