Logs and Notes
Most productivity tools waste more time than they claim to save. Upon their suggestion, the go-to reaction should be sceptical brow-furrowing. I'm not sure why humans so easily believe outrageous claims, especially for things like phone applications that supposedly monitor REM sleep without decorating your scalp with suction cups. Still, as everyone has learnt the hard way, no one is immune to being fooled. So, we oughta scrutinise anything that may actually change our actions. 35% extra prolonged eye-squinting. As long as your distrustful rant is garnished with jokes, your friends won't hate you for sucking the fun out of everything. Not enough worth caring about, anyway.
Tools that stand the test of time for me are whiteboards, note books, meticulously-organised directory structures for technical books, work, and courses, web-applications like kanboard, and a chatbot with motivational phrases. Not like the worrying social media posts of a failing athlete; Something you know will work for you. Methods that've fallen to the fray over time for me: taskwarrior, ballpoint pen wrist-scribbles, and various mind-maps from the university days that're long since obsoleted.
The most powerful tool unsurprisingly requires the most upkeep. Logging.
0. Technical Logs
At work, I log each ticket, each project, each day. Over time, for any particular task, a process and format develops. Typically each ticket has a subdirectory with a readme in markdown, various folders for related files. The format of the readme.md develops over time via templating. It's hard to forget investigating an attack vector if it has a barren header glaring at you from your notes.
For example, in a penetration test, each host would have its own directory, with a readme, basic nmap -sV-esque scan results, a folder for retrieved files, a folder for emulating the host (e.g. OS isos, software installations/source code), folders for exploits (custom, remote, local). The readme.md has headers for metadata - IP, interesting ports, users, services, etcetera. A story which describes the history of how I tried to attack it. Lastly, a summary that describes the end-result; If rooting it was successful, a short explanation on how to repeat that without having to navigate through any of the fruitless earlier attempts. Something easy to refer to if you need to re-root a pivot or just a reminder for the report.
It's easy to imagine how this would be customised for an analyst investigating various network or host-based hits, or an incident responder, vulnerability researcher, application security, engineer etcetera. Likewise for studying books chapter-by-chapter, exercise-by-exercise, in addition to courses and online-CTFs. Security's broad scope encompasses all of computing, so keeping easily-greppable, nuanced archives of prior experiences is invaluable if you have that feeling you think you dealt with something similar before.
dud1337@dudpad:~/learning/books$ tree pma
├── media
│ ├── labs
│ │ ├── Chapter_10L
│ │ │ ├── Lab10-01.exe
│ │ │ ├── Lab10-01.sys
│ │ │ ├── Lab10-02.exe
│ │ │ ├── Lab10-03.exe
│ │ │ └── Lab10-03.sys
│ │ ├── Chapter_11L
...
│ └── practical-malware-analysis.pdf #I own the pdf and hard-copy
├── mini-notes
│ ├── malware-ideas.md
│ └── readme.md
├── notes
│ ├── part-0-intro
│ │ ├── ch-00
...
│ │ └── ch-10
│ │ ├── labs
│ │ │ ├── 10-1.md
│ │ │ ├── 10-2.md
│ │ │ ├── 10-3.md
│ │ │ └── readme.md
│ │ ├── osrloaderv30.zip
│ │ ├── playing_with_windbag.md
│ │ ├── readme.md
│ │ └── windbg_setup_guide_dudw4r3z
│ │ ├── dbg_x86_6.11.1.404.msi
│ │ ├── readme.md
│ │ └── WindowsXP-KB936929-SP3-x86-symbols-full-ENU.exe
...
│ │ ├── ch-12
│ │ │ ├── labs
│ │ │ │ ├── 12-1.md
│ │ │ │ ├── 12-2.md
│ │ │ │ ├── 12-3.md
│ │ │ │ ├── 12-4.md
│ │ │ │ ├── ida_db
│ │ │ │ │ ├── Lab12-01.idb
│ │ │ │ │ ├── Lab12-01.idbbb.idb
│ │ │ │ │ └── Lab12-02.idb
│ │ │ │ └── media
│ │ │ │ ├── decoded.exe
│ │ │ │ ├── decode.py
│ │ │ │ ├── embedded-04.exe
│ │ │ │ └── encoded.exe
│ │ │ └── readme.md
...
└── sheets
├── dynamic_analysis.md
├── inetsim.conf
├── malware_design.md
├── shellcode_analysis.md
└── static_analysis.md
124 directories, 390 files
A typical directory notes layout for reading a technical book. p.s. I loathe when technical books don't have proper exercises.
dud1337@dudpad:~/code/gitlab$ tree pwk
├── data
│ ├── names
│ └── passwords
│ ├── known_pass_pairs
│ ├── known_passwords
│ ├── machine_specific_hashes
│ │ ├── 10.XXX.XXX.XXX
...
│ ├── mutating
│ │ ├── editer.py
...
│ ├── README.md
│ └── windows-hashes
├── EXAM
...
├── exercises
...
│ ├── 10.2.3
│ │ ├── debug
│ │ │ ├── exe2bat.exe
│ │ │ ├── nc.exe
│ │ │ └── nc.txt
│ │ ├── ftp
│ │ │ └── ftp_add_user.sh
│ │ └── tftp
│ │ └── nc.exe
...
├── machines
│ ├── known
│ │ ├── other
...
│ ├── pwn
│ │ ├── admin
│ │ │ ├── 10.3.3.42
│ │ │ │ ├── afp-serverinfo
│ │ │ │ ├── goodies
│ │ │ │ │ └── authorized_keys
│ │ │ │ ├── linuxprivchecker
│ │ │ │ ├── post-goodies
│ │ │ │ │ ├── passwd
│ │ │ │ │ ├── proof.txt
│ │ │ │ │ ├── README.md
│ │ │ │ │ ├── shadow
│ │ │ │ │ └── unshadowed
│ │ │ │ ├── README.md
│ │ │ │ └── tools
│ │ │ │ ├── lshell.py
│ │ │ │ └── milter.txt
...
│ │ ├── dev
...
...
│ │ ├── it-dept
...
│ │ └── public
...
│ ├── README.md
│ └── service-lists
│ ├── dns
│ ├── http-open
│ ├── pop3-open
│ ├── rdp-open
│ ├── smb-open
│ ├── smtp-open
│ └── snmp-open
├── mini-notes
│ ├── EXAM.md
│ ├── README.md
│ └── REMAINING.md
├── notes
│ ├── ch-00
│ │ └── README.md
...
├── people
│ ├── README.md
│ └── software
├── proxy
│ └── README.md
├── README.md
├── report
│ ├── exam-report
│ │ ├── PWKv1-REPORT.odt
│ │ └── sample
│ │ └── PWKv1-REPORT.odt
│ ├── lab-report
│ │ ├── README.md
│ │ ├── samples
│ │ │ ├── PWK-Example-Report-v1.pdf
│ │ │ ├── PWKv1-REPORT.doc
│ │ │ └── PWKv1-REPORT.odt
│ │ └── valuble
│ │ ├── bank-account.xls
│ │ ├── Employees.xls
│ │ └── stat.gif
│ └── README.md
├── sheets
│ ├── command_line.md
│ ├── gui
│ │ └── burpsuite
│ │ └── README.md
│ ├── network-usage
│ │ ├── data
│ │ ├── iptables-log.sh
│ │ └── iptables-stop.sh
│ └── sql.md
└── tools
├── exam-connection.tar.bz2
...
├── post
│ └── linux
│ ├── Linux_Exploit_Suggester.pl
│ └── linuxprivchecker.py
├── shells
│ └── php-reverse-shell.php
├── suggesters
│ ├── Linux_Exploit_Suggester.pl
│ ├── linuxprivchecker.py
│ └── windows-exploit-suggester.py
├── troubleshooting.sh
├── troubleshoot.log
├── upload
│ └── echoable-hex.py
└── xss
├── 1l-browser-info.html
└── browser-info.html
369 directories, 1186 files
Looking back, this is quite the neophyte's layout compared to subsequent courses. Experience allows a better initial layout whereas this grew organically from a n00b brain. Don't judge for the "neophyte"-usage; Bloodlines 2 was announced a few days ago.
1. Work Logs
Outside of technical logs, daily logs of a few sentences in files like 2019-03-25.md prove useful. What did you do? Was it enough? Anything interesting happen? What should you do?
Logs of potentially hamstringing processes, like access-requests or sorting out benefits and travel arrangements, with one file each and time-stamped notes simplify what could be a messy process clogging up your mental RAM by vaguely floating around your thoughts.
Quarterly intervals seem to suit longer-winded reviews on work in general. Are you learning? If not, can you control that? Are you getting paid enough? Are promises being kept? It's worth writing such reviews in spurts over a few days to avoid too much colour from a transitory mood. Comparing the 6 month mark at one job to another is useful to keep things in perspective.
2. Life Logs
Ever used a nutrition tracker?
Ever began to abhore using a nutrition tracker?
Life is the hardest thing to log consistently for me. In retrospect, perhaps due to mentally modelling it so vaguely I refer to it as 'life.' In 2018, I managed to log 48 weeks of exercise and diet using a spreadsheet. Neither of those were particularly consistent, but hey, at least the logging was. More and more aspects of life infested the spreadsheet and organically some semblance of a routine developed.
In January, surprised at the length of consistency, I made a more detailed template-spreadsheet to fill in every week. Predictably, it's overly ambitious.
One sheet per week.
Ad-hoc weighted grading metrics for each week, however irrelevant overall, verify its overly ambitious nature; I see a lot of D+ weeks. Fucking Hofstadter's law. Still, I'm confident I've achieved more with it than would've without it; Not that it ever feels like as much effort as it could've been and not that I can time travel backwards to see what the outcome would be like without logging, but seeing how much less I get done if I miss a few days is a satisfactory indicator.
It does take time to fill in, but I probably waste at least 20 minutes a day doing things my brain deems unworthy of bothering to commit to memory, so it's easy to persuade yourself to. Once in the morning, once in the night.
3. Is it worth it?
You can do your job and live life without it. Most people seem to. Sometimes, things previously loggable may become so trivial it becomes irrelevant to go into any detail. Like a life-wasting XSS network hit you know is benign. It's not essential.
However, it allows you to lose track of boring tasks; Delegate them to the 10 minutes in the morning you check the logs. It's important for anything reliably-transferrable to numbers: Budgeting, strength-training, nutriton, etcetera. Once you do it for a while, you can spot trends and be conscious of avoiding negative ones in the future. "I didn't realise I was doing that so much/wasn't progressing here fast enough." Accountability for personal goals can be difficult; You're less likely to let a lazy decision slip in if you have to write it down. Don't wanna taint that record.
What would Gohan do?
↑ Top ⌂ Home