8. Reporting
Pillar 8: Reporting & Portfolio Development
BLUF: Technical skill without communication is invisible. Your report is the artifact the client keeps, and your public portfolio is the artifact employers keep. Split the work so each file answers one reporting question cleanly.
🟣 OW64 — P8: Reporting Action Items
1. Finding Documentation · 2. Executive Summary Writing · 3. Technical Report Writing · 4. Remediation Framework Mapping · 5. Attack Path Documentation · 6. Public Writeup Creation · 7. Tool Repository Curation · ✦ 8. Full Portfolio Development
Authorized use only: Use these notes only in owned, explicitly authorized, or isolated lab environments.
Detection awareness: Assume commands, binaries, network calls, identity changes, and cloud or directory actions may be logged by endpoint tooling, audit frameworks, SIEM pipelines, proxy logs, DNS logs, auth logs, and platform telemetry.
Blue-team view: Treat every technique as a defender validation exercise too: note what artifacts it creates, what alerts or hunts could surface it, and what monitoring or hardening would prevent or contain it.
CTF/lab boundary: If a sandbox or CTF includes bypass-oriented exercises, keep them confined to that environment and translate the lesson into detection, prevention, and cleanup notes rather than real-world evasion guidance.
```mermaid
graph TB
    Start([Finding Documentation]) --> ExecSummary[Executive Summary Writing]
    ExecSummary --> TechReport[Technical Report Writing]
    TechReport --> Remediation[Remediation Framework Mapping]
    Remediation --> AttackPath[Attack Path Documentation]
    AttackPath --> PublicWriteup[Public Writeup Creation]
    PublicWriteup --> ToolRepo[Tool Repository Curation]
    ToolRepo --> Portfolio([Full Portfolio Development])
    style Start fill:#ff6600
    style Portfolio fill:#00aa00
```
MITRE ATT&CK Mapping Reference
Reporting requires mapping technical findings to the MITRE ATT&CK framework to provide context on attacker behavior and allow defenders to prioritize detections.
| Component | Purpose | Example |
|---|---|---|
| Technique ID | Unique identifier for the attack method | T1558.003 (Kerberoasting) |
| Tactic | The high-level goal of the technique | Credential Access |
| Mitigation | Defensive controls to prevent the technique | M1027 (Password Policies) |
| Detection | How to identify the technique in logs | DS0015 (Active Directory) |
File Map
| File | Theme | What it covers |
|---|---|---|
| 8. Reporting (this file) | Hub | Navigation, ATT&CK reference, shared resources |
| 8.1 Finding Documentation | 1 — Finding Documentation | Evidence capture, severity rating, reusable finding write-up template |
| 8.2 Executive Summary Writing | 2 — Executive Summary | Leadership-facing summary, risk framing, language rules |
| 8.3 Technical Report Writing | 3 — Technical Report | Full report structure, report tables, ADCS/cloud finding templates |
| 8.3a Rules of Engagement | 3a — Governance | Authorization, scope boundaries, stop conditions, comms, and sign-offs |
| 8.4 Remediation Framework Mapping | 4 — Framework Mapping | CIS, NIST CSF, MITRE ATT&CK mapping and prioritization |
| 8.5 Attack Path Documentation | 5 — Attack Path | Kill chain diagrams, replay steps, debrief structure |
| 8.6 Public Writeup Creation | 6 — Public Writeups | Long-form technical content, SEO, platform selection |
| 8.7 Tool Repository Curation | 7 — Tool Repos | Public tooling, README expectations, demos, documentation quality |
| 8.8 Full Portfolio Development | 8 — Portfolio | Portfolio strategy, content plan, checklist, narrative cohesion |
Recommended Reading Order
- 8.1 Finding Documentation
- 8.2 Executive Summary Writing
- 8.3 Technical Report Writing
- 8.3a Rules of Engagement
- 8.4 Remediation Framework Mapping
- 8.5 Attack Path Documentation
- 8.6 Public Writeup Creation
- 8.7 Tool Repository Curation
- 8.8 Full Portfolio Development
Resources
| Resource | Type | Pillar Relevance |
|---|---|---|
| TCM Security Report Template | Template | Items 1–3 |
| Offensive Security Report Template | Template | Items 2–3 |
| Certify | Tool | Technical report templates |
| Certipy | Tool | Technical report templates |
| MITRE ATT&CK Mitigations | Reference | Item 4 |
| CIS Controls v8 | Reference | Item 4 |
| NIST CSF 2.0 | Reference | Item 4 |
| draw.io | Tool | Item 5 |
| GitHub Pages | Platform | Items 6, 8 |
| HackTricks | Reference | Item 6 (format inspiration) |
| 0xdf Blog | Reference | Item 6 (quality standard) |
| PenTest+ (CompTIA) | Certification | Items 1–4 |
| CRTO (Zero-Point Security) | Certification | Items 1–5 |
Part of the Red Teaming 101 series.