Let's Make Pentesting Fun Again! Report writing in 5 minutes.

DefCamp
DefCampDefCamp
Adrian Furtunã Founder & CEO https://pentest-tools.com Let's make pentesting fun again! Report writing in 5 minutes. Fab România
Pentest reporting 2018 https://pentest-tools.com 2
Pentest reporting 2018 https://pentest-tools.com 3
Background info 2018 https://pentest-tools.com 4
About me 2018 https://pentest-tools.com 5 # Ex-fulltime pentester  10+ years of experience in ethical hacking & IT security  Reformed programmer # Founder of Pentest-Tools.com # Associate professor @ MTA, UPB # Speaker at security events and conferences:  Hack.lu - Luxembourg  Hacktivity – Budapest  ZeroNights - Moscow  Defcamp - Bucharest  OWASP Romania, etc
Pentest-Tools.com # We help companies become resilient against cyber attacks  Self-security assessment service  Periodic scans & notifications  Recommendation for fixing the issues  25+ essential tools • Updated • Configured • Ready to run 2018 https://pentest-tools.com 6 20% Effort 80% Security Coverage
Website activity # 1,4 million users last year # Organic growth 2018 https://pentest-tools.com 7 Audience Overview (Google Analytics) Company started
Our customers # > 3000 customers # 120 countries # 80% companies (SMEs) # 20% individuals 2018 https://pentest-tools.com 8
Back to pentest reporting 2018 https://pentest-tools.com 9
Solution 1 # Copy-paste from previous reports  What was the latest good version?  Search for findings in multiple reports  Adapt to the current client (!) 2018 https://pentest-tools.com 10
Solution 2 # Make your own report generator tool  Who makes it?  Who maintains it (bug fixing, new features, updated, etc)?  Who keeps it updated and clean with the latest findings? 2018 https://pentest-tools.com 11
Solution 3 # Use a third-party report generation tool  Serpico: • https://www.serpicoproject.com • https://github.com/SerpicoProject/Serpico  VulnReport: • http://vulnreport.io/ • https://github.com/salesforce/vulnreport # Challenges:  Deployment & Initial configuration  Learning a new reporting tool  Importing scan results 2018 https://pentest-tools.com 12
Our solution # Cloud-based # Scanning Tools => Results => Reporting (.docx) 2018 https://pentest-tools.com 13
Pentest-Tools.com # DEMO 2018 https://pentest-tools.com 14
Vouchers - 300 Free Credits # https://pentest-tools.com/register  Voucher code: DEFCAMP2018  Obtain 300 Free Credits into your new account 2018 https://pentest-tools.com 15
Our team 2018 https://pentest-tools.com 16 Vlad Turcanu Eusebiu Boghici George Pitis Adrian Furtuna Advisors Andrei Pitis Diana Olar Mihai Burduselu Andrei Damian
Thank you! 17https://pentest-tools.com Adrian Furtunã adrian.furtuna@pentest-tools.com 2018 Fab România
1 of 17

Let's Make Pentesting Fun Again! Report writing in 5 minutes.

Download to read offline
Technology

Adrian Furtuna in Bucharest, Romania on November 8-9th 2018 at DefCamp #9. The slides and other presentations can be found on https://def.camp/archive

DefCamp
DefCampDefCamp

Recommended

Deepali's resume by
Deepali's resumeDeepali's resume
Deepali's resumeDeepaliTyagi4
55 views1 slide
ATAGTR2017 Test the REST by
ATAGTR2017 Test the REST ATAGTR2017 Test the REST
ATAGTR2017 Test the REST Agile Testing Alliance
737 views11 slides
Anchore webinar thursday 21st july 2016 by
Anchore webinar thursday 21st july 2016Anchore webinar thursday 21st july 2016
Anchore webinar thursday 21st july 2016Christian Wiens
705 views28 slides
Sri monthly presentation 2016 by
Sri monthly presentation 2016Sri monthly presentation 2016
Sri monthly presentation 2016Akash Rajguru
186 views10 slides
A Modeling Editor and Code Generator for AsyncAPI by
A Modeling Editor and Code Generator for AsyncAPIA Modeling Editor and Code Generator for AsyncAPI
A Modeling Editor and Code Generator for AsyncAPIabgolla
1.1K views9 slides
ATAGTR2017 Detect Layout Bugs by Simulating Human Eye by
ATAGTR2017 Detect Layout Bugs by Simulating Human EyeATAGTR2017 Detect Layout Bugs by Simulating Human Eye
ATAGTR2017 Detect Layout Bugs by Simulating Human EyeAgile Testing Alliance
724 views14 slides

More Related Content

Similar to Let's Make Pentesting Fun Again! Report writing in 5 minutes.

London atlassian meetup 31 jan 2016 jira metrics-extract slides by
London atlassian meetup 31 jan 2016 jira metrics-extract slidesLondon atlassian meetup 31 jan 2016 jira metrics-extract slides
London atlassian meetup 31 jan 2016 jira metrics-extract slidesRudiger Wolf
436 views18 slides
Defcon Blue Team Village 2020: Purple On My Mind: Cost Effective Automated Ad... by
Defcon Blue Team Village 2020: Purple On My Mind: Cost Effective Automated Ad...Defcon Blue Team Village 2020: Purple On My Mind: Cost Effective Automated Ad...
Defcon Blue Team Village 2020: Purple On My Mind: Cost Effective Automated Ad...Mauricio Velazco
1.7K views38 slides
2018-10-18 J2 4C - its gonna be PowerApps and Flow - Penelope Coventry by
2018-10-18 J2 4C - its gonna be PowerApps and Flow - Penelope Coventry2018-10-18 J2 4C - its gonna be PowerApps and Flow - Penelope Coventry
2018-10-18 J2 4C - its gonna be PowerApps and Flow - Penelope CoventryModern Workplace Conference Paris
40 views22 slides
An update to software testing trends by
An update to software testing trendsAn update to software testing trends
An update to software testing trendsBugRaptors
72 views9 slides
DevOps as a Service - our own true story with a happy ending (JuCParis 2018) by
DevOps as a Service - our own true story with a happy ending (JuCParis 2018)DevOps as a Service - our own true story with a happy ending (JuCParis 2018)
DevOps as a Service - our own true story with a happy ending (JuCParis 2018)Philippe Ensarguet
325 views21 slides
Resume by
ResumeResume
Resumerashmi choudhary
67 views3 slides

Similar to Let's Make Pentesting Fun Again! Report writing in 5 minutes.(20)

London atlassian meetup 31 jan 2016 jira metrics-extract slides by Rudiger Wolf
London atlassian meetup 31 jan 2016 jira metrics-extract slidesLondon atlassian meetup 31 jan 2016 jira metrics-extract slides
London atlassian meetup 31 jan 2016 jira metrics-extract slides
Rudiger Wolf436 views
Defcon Blue Team Village 2020: Purple On My Mind: Cost Effective Automated Ad... by Mauricio Velazco
Defcon Blue Team Village 2020: Purple On My Mind: Cost Effective Automated Ad...Defcon Blue Team Village 2020: Purple On My Mind: Cost Effective Automated Ad...
Defcon Blue Team Village 2020: Purple On My Mind: Cost Effective Automated Ad...
Mauricio Velazco1.7K views
2018-10-18 J2 4C - its gonna be PowerApps and Flow - Penelope Coventry by Modern Workplace Conference Paris
2018-10-18 J2 4C - its gonna be PowerApps and Flow - Penelope Coventry2018-10-18 J2 4C - its gonna be PowerApps and Flow - Penelope Coventry
2018-10-18 J2 4C - its gonna be PowerApps and Flow - Penelope Coventry
Modern Workplace Conference Paris40 views
An update to software testing trends by BugRaptors
An update to software testing trendsAn update to software testing trends
An update to software testing trends
BugRaptors72 views
DevOps as a Service - our own true story with a happy ending (JuCParis 2018) by Philippe Ensarguet
DevOps as a Service - our own true story with a happy ending (JuCParis 2018)DevOps as a Service - our own true story with a happy ending (JuCParis 2018)
DevOps as a Service - our own true story with a happy ending (JuCParis 2018)
Philippe Ensarguet325 views
Resume by rashmi choudhary
ResumeResume
Resume
rashmi choudhary67 views
Catalog maintenance and epo services at ta by thinkahead.net
Catalog maintenance and epo services at taCatalog maintenance and epo services at ta
Catalog maintenance and epo services at ta
thinkahead.net509 views
Catalogue Maintenance & Editorial Process Outsourcing by thinkahead.net
Catalogue Maintenance & Editorial Process Outsourcing Catalogue Maintenance & Editorial Process Outsourcing
Catalogue Maintenance & Editorial Process Outsourcing
thinkahead.net699 views
Neha Arora_Resume by Neha Arora
Neha Arora_ResumeNeha Arora_Resume
Neha Arora_Resume
Neha Arora137 views
Resume shutima p_dataeng01 by ShutimaPotivorakun
Resume shutima p_dataeng01Resume shutima p_dataeng01
Resume shutima p_dataeng01
ShutimaPotivorakun99 views
Qa engineer dzmitry ananyeu by Dmitry Ananyev
Qa engineer dzmitry ananyeuQa engineer dzmitry ananyeu
Qa engineer dzmitry ananyeu
Dmitry Ananyev196 views
CompTIA PenTest+: Everything you need to know about the exam by Infosec
CompTIA PenTest+: Everything you need to know about the examCompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the exam
Infosec635 views
Sr Full Stack Developer by Muhammad Suhaib
Sr Full Stack DeveloperSr Full Stack Developer
Sr Full Stack Developer
Muhammad Suhaib91 views
ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious? by CiNPA Security SIG
ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious?ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious?
ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious?
CiNPA Security SIG100 views
Manual JavaScript Analysis Is A Bug by Lewis Ardern
Manual JavaScript Analysis Is A BugManual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A Bug
Lewis Ardern4.8K views
Raman monga by Raman Monga
Raman mongaRaman monga
Raman monga
Raman Monga247 views
Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious? by CiNPA Security SIG
Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious?Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious?
Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious?
CiNPA Security SIG132 views
1802_Crossminer_OCF2018 by CROSSMINER European Project
1802_Crossminer_OCF20181802_Crossminer_OCF2018
1802_Crossminer_OCF2018
CROSSMINER European Project34 views
Building application security with 0 money down by DefCamp
Building application security with 0 money downBuilding application security with 0 money down
Building application security with 0 money down
DefCamp179 views
Probe.ly by Caixa Geral Depósitos
Probe.lyProbe.ly
Probe.ly
Caixa Geral Depósitos695 views

More from DefCamp

Remote Yacht Hacking by
Remote Yacht HackingRemote Yacht Hacking
Remote Yacht HackingDefCamp
1.7K views89 slides
Mobile, IoT, Clouds… It’s time to hire your own risk manager! by
Mobile, IoT, Clouds… It’s time to hire your own risk manager!Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!DefCamp
974 views167 slides
The Charter of Trust by
The Charter of TrustThe Charter of Trust
The Charter of TrustDefCamp
558 views24 slides
Internet Balkanization: Why Are We Raising Borders Online? by
Internet Balkanization: Why Are We Raising Borders Online?Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?DefCamp
309 views22 slides
Bridging the gap between CyberSecurity R&D and UX by
Bridging the gap between CyberSecurity R&D and UXBridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UXDefCamp
260 views13 slides
Secure and privacy-preserving data transmission and processing using homomorp... by
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...DefCamp
470 views102 slides

More from DefCamp(20)

Remote Yacht Hacking by DefCamp
Remote Yacht HackingRemote Yacht Hacking
Remote Yacht Hacking
DefCamp1.7K views
Mobile, IoT, Clouds… It’s time to hire your own risk manager! by DefCamp
Mobile, IoT, Clouds… It’s time to hire your own risk manager!Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
DefCamp974 views
The Charter of Trust by DefCamp
The Charter of TrustThe Charter of Trust
The Charter of Trust
DefCamp558 views
Internet Balkanization: Why Are We Raising Borders Online? by DefCamp
Internet Balkanization: Why Are We Raising Borders Online?Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?
DefCamp309 views
Bridging the gap between CyberSecurity R&D and UX by DefCamp
Bridging the gap between CyberSecurity R&D and UXBridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UX
DefCamp260 views
Secure and privacy-preserving data transmission and processing using homomorp... by DefCamp
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...
DefCamp470 views
Drupalgeddon 2 – Yet Another Weapon for the Attacker by DefCamp
Drupalgeddon 2 – Yet Another Weapon for the AttackerDrupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the Attacker
DefCamp269 views
Economical Denial of Sustainability in the Cloud (EDOS) by DefCamp
Economical Denial of Sustainability in the Cloud (EDOS)Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)
DefCamp254 views
Trust, but verify – Bypassing MFA by DefCamp
Trust, but verify – Bypassing MFATrust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFA
DefCamp323 views
Threat Hunting: From Platitudes to Practical Application by DefCamp
Threat Hunting: From Platitudes to Practical ApplicationThreat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical Application
DefCamp218 views
Implementation of information security techniques on modern android based Kio... by DefCamp
Implementation of information security techniques on modern android based Kio...Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...
DefCamp215 views
Lattice based Merkle for post-quantum epoch by DefCamp
Lattice based Merkle for post-quantum epochLattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epoch
DefCamp241 views
The challenge of building a secure and safe digital environment in healthcare by DefCamp
The challenge of building a secure and safe digital environment in healthcareThe challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcare
DefCamp323 views
Timing attacks against web applications: Are they still practical? by DefCamp
Timing attacks against web applications: Are they still practical?Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?
DefCamp258 views
Tor .onions: The Good, The Rotten and The Misconfigured by DefCamp
Tor .onions: The Good, The Rotten and The Misconfigured Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured
DefCamp816 views
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t... by DefCamp
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
DefCamp294 views
We will charge you. How to [b]reach vendor’s network using EV charging station. by DefCamp
We will charge you. How to [b]reach vendor’s network using EV charging station.We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.
DefCamp442 views
Connect & Inspire Cyber Security by DefCamp
Connect & Inspire Cyber SecurityConnect & Inspire Cyber Security
Connect & Inspire Cyber Security
DefCamp290 views
The lions and the watering hole by DefCamp
The lions and the watering holeThe lions and the watering hole
The lions and the watering hole
DefCamp225 views
Catch Me If You Can - Finding APTs in your network by DefCamp
Catch Me If You Can - Finding APTs in your networkCatch Me If You Can - Finding APTs in your network
Catch Me If You Can - Finding APTs in your network
DefCamp304 views

Recently uploaded

TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors by
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective SensorsTouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensorssugiuralab
21 views15 slides
Info Session November 2023.pdf by
Info Session November 2023.pdfInfo Session November 2023.pdf
Info Session November 2023.pdfAleksandraKoprivica4
13 views15 slides
Kyo - Functional Scala 2023.pdf by
Kyo - Functional Scala 2023.pdfKyo - Functional Scala 2023.pdf
Kyo - Functional Scala 2023.pdfFlavio W. Brasil
400 views92 slides
Piloting & Scaling Successfully With Microsoft Viva by
Piloting & Scaling Successfully With Microsoft VivaPiloting & Scaling Successfully With Microsoft Viva
Piloting & Scaling Successfully With Microsoft VivaRichard Harbridge
12 views160 slides
SAP Automation Using Bar Code and FIORI.pdf by
SAP Automation Using Bar Code and FIORI.pdfSAP Automation Using Bar Code and FIORI.pdf
SAP Automation Using Bar Code and FIORI.pdfVirendra Rai, PMP
23 views38 slides
Democratising digital commerce in India-Report by
Democratising digital commerce in India-ReportDemocratising digital commerce in India-Report
Democratising digital commerce in India-ReportKapil Khandelwal (KK)
18 views161 slides

Recently uploaded(20)

TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors by sugiuralab
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective SensorsTouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors
sugiuralab21 views
Info Session November 2023.pdf by AleksandraKoprivica4
Info Session November 2023.pdfInfo Session November 2023.pdf
Info Session November 2023.pdf
AleksandraKoprivica413 views
Kyo - Functional Scala 2023.pdf by Flavio W. Brasil
Kyo - Functional Scala 2023.pdfKyo - Functional Scala 2023.pdf
Kyo - Functional Scala 2023.pdf
Flavio W. Brasil400 views
Piloting & Scaling Successfully With Microsoft Viva by Richard Harbridge
Piloting & Scaling Successfully With Microsoft VivaPiloting & Scaling Successfully With Microsoft Viva
Piloting & Scaling Successfully With Microsoft Viva
Richard Harbridge12 views
SAP Automation Using Bar Code and FIORI.pdf by Virendra Rai, PMP
SAP Automation Using Bar Code and FIORI.pdfSAP Automation Using Bar Code and FIORI.pdf
SAP Automation Using Bar Code and FIORI.pdf
Virendra Rai, PMP23 views
Democratising digital commerce in India-Report by Kapil Khandelwal (KK)
Democratising digital commerce in India-ReportDemocratising digital commerce in India-Report
Democratising digital commerce in India-Report
Kapil Khandelwal (KK)18 views
"Running students' code in isolation. The hard way", Yurii Holiuk by Fwdays
"Running students' code in isolation. The hard way", Yurii Holiuk "Running students' code in isolation. The hard way", Yurii Holiuk
"Running students' code in isolation. The hard way", Yurii Holiuk
Fwdays17 views
Future of Indian ConsumerTech by Kapil Khandelwal (KK)
Future of Indian ConsumerTechFuture of Indian ConsumerTech
Future of Indian ConsumerTech
Kapil Khandelwal (KK)22 views
Igniting Next Level Productivity with AI-Infused Data Integration Workflows by Safe Software
Igniting Next Level Productivity with AI-Infused Data Integration Workflows Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Safe Software280 views
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLive by Network Automation Forum
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLiveAutomating a World-Class Technology Conference; Behind the Scenes of CiscoLive
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLive
Network Automation Forum34 views
Evolving the Network Automation Journey from Python to Platforms by Network Automation Forum
Evolving the Network Automation Journey from Python to PlatformsEvolving the Network Automation Journey from Python to Platforms
Evolving the Network Automation Journey from Python to Platforms
Network Automation Forum13 views
NET Conf 2023 Recap by Lee Richardson
NET Conf 2023 RecapNET Conf 2023 Recap
NET Conf 2023 Recap
Lee Richardson10 views
Ransomware is Knocking your Door_Final.pdf by Security Bootcamp
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdf
Security Bootcamp59 views
Design Driven Network Assurance by Network Automation Forum
Design Driven Network AssuranceDesign Driven Network Assurance
Design Driven Network Assurance
Network Automation Forum15 views
Case Study Copenhagen Energy and Business Central.pdf by Aitana
Case Study Copenhagen Energy and Business Central.pdfCase Study Copenhagen Energy and Business Central.pdf
Case Study Copenhagen Energy and Business Central.pdf
Aitana16 views
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas... by Bernd Ruecker
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
Bernd Ruecker40 views
Voice Logger - Telephony Integration Solution at Aegis by Nirmal Sharma
Voice Logger - Telephony Integration Solution at AegisVoice Logger - Telephony Integration Solution at Aegis
Voice Logger - Telephony Integration Solution at Aegis
Nirmal Sharma39 views
Serverless computing with Google Cloud (2023-24) by wesley chun
Serverless computing with Google Cloud (2023-24)Serverless computing with Google Cloud (2023-24)
Serverless computing with Google Cloud (2023-24)
wesley chun11 views
20231123_Camunda Meetup Vienna.pdf by Phactum Softwareentwicklung GmbH
20231123_Camunda Meetup Vienna.pdf20231123_Camunda Meetup Vienna.pdf
20231123_Camunda Meetup Vienna.pdf
Phactum Softwareentwicklung GmbH41 views
Mini-Track: Challenges to Network Automation Adoption by Network Automation Forum
Mini-Track: Challenges to Network Automation AdoptionMini-Track: Challenges to Network Automation Adoption
Mini-Track: Challenges to Network Automation Adoption
Network Automation Forum13 views

Let's Make Pentesting Fun Again! Report writing in 5 minutes.