First, the operating system: I'm using Linux because it's more flexible and easier to drive. I can pretty much do anything I want without having to really think about it. I can control most things without having to use the mouse (wasted time) or search (wasted time again). Since pentests are short engagements, the quicker you are, the more you can do. For me, working on OS X or Windows is just too much time wasted (I do understand that people prefer them because they are used to them). Furthermore, I cannot work without at least 8 to 10 virtual desktops.
Regarding the window manager, I tried a lot of them and I'm now using wmii. It's not better than any other window manager, it's just better for me. On some window managers, when you want to access a given application, you need to ALT-TAB until you find the right one, and the applications' order always changes; that's just a waste of time again. On wmii, or other similar window managers, you can just use vi shortcuts to move between windows and use one virtual desktop for each application (you can do the same on other WMs like GNOME or KDE, but you need to set it up).
Personally, I setup my virtual desktops in the following way:
- 1: "administration shells", IRC and taking notes
- 2: Firefox (my testing browser)
- 3: Burp Suite
- 4: Chromium (my "working" browser)
- 5-9: different stuff: rdesktop, code review, eclipse, emulators... depends on the engagement
- 0: Music
I use Firefox for testing because it's more flexible and has better error messages than Chrome. I use Chrome for work because I like it better (and it feels safer).
For taking notes, I use vim with the following .vimrc:
My notes file looks like:
It works perfectly with vim's scaffolding. This notes file allows me to keep track of any information during the testing and keep all the findings together. During the testing, I update each finding's marker as it progresses:
- [ ]: new finding unreported to client;
- [-]: finding reported to client;
- [X]: finding reported to client and written in the report.
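As an added example (not from the original post), here is a small Ruby script that parses a notes file using these three markers and lists what is still unreported. The file layout is an assumption: one finding per line, starting with the marker and followed by the finding title; every other line is treated as free-form notes.

```ruby
# Added example, not from the original post. Assumed layout: one finding
# per line, "[ ]", "[-]" or "[X]" followed by the finding title.

STATES = {
  "[ ]" => :unreported, # new finding, not yet told to the client
  "[-]" => :reported,   # told to the client, not yet in the report
  "[X]" => :written,    # told to the client and written in the report
}.freeze

FINDING_RE = /\A\s*(\[[ \-X]\])\s+(.+?)\s*\z/

# Parse notes text into an array of {state:, title:, line:} hashes;
# lines without a marker are free-form notes and are skipped.
def parse_findings(text)
  findings = []
  text.each_line.with_index(1) do |line, lineno|
    m = FINDING_RE.match(line)
    next unless m
    findings << { state: STATES.fetch(m[1]), title: m[2], line: lineno }
  end
  findings
end

# Count findings per state for an end-of-day status check.
def summarize(findings)
  counts = Hash.new(0)
  findings.each { |f| counts[f[:state]] += 1 }
  counts
end

# Titles still marked "[ ]": what must be raised with the client.
def unreported(findings)
  findings.select { |f| f[:state] == :unreported }.map { |f| f[:title] }
end

# Constructed sample notes file for the demonstration.
SAMPLE_NOTES = <<~NOTES
  Scope: app.example.test (constructed sample)
  [X] Reflected XSS in search parameter
  [-] Verbose error messages on /login
  [ ] Session cookie missing HttpOnly
  Remember to re-test after the fix
  [ ] Directory listing on /static/
NOTES

if __FILE__ == $0
  findings = parse_findings(SAMPLE_NOTES)
  puts summarize(findings).inspect
  puts unreported(findings)
end
```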
Another thing I want to share is how I organise my tests. Every time you're doing a code review or pentest, you find yourself writing some really simple code to test something. For this, I have a code repository with one directory per language: ~/code/ruby, ~/code/php, ... That way, I have working examples of common vulnerabilities and secure methods for each language, and I can have a quick look every time I need to.
The last thing I keep is a method folder; it's a basic write-up of current techniques and methodologies:
- script to setup a gateway in few seconds,
- script to build SSL certificate and setup socat to MITM SSL,
- review scripts for a lot of different systems,
- how to audit different systems, how to review applications in a given language.
That's basically it, what tips do you have to share now?