From 31cafc7caefbe4496fe997fcd018b9ed0ea8d6c4 Mon Sep 17 00:00:00 2001 From: Eduardo Robles Date: Sun, 18 Jun 2023 21:47:18 -0500 Subject: [PATCH] FEAT: Adding Examples I added a lot of examples of the folder structure and how the documents can look if the capture templates are used. Of course this is all meant to be flexible to anyone's workflow. But having good examples to see is always a good idea. --- .../cyber-docs/external/cases/support.org | 40 +++++++++++++++++++ .../internal/incidents/investigations.org | 38 ++++++++++++++++++ .../cyber-docs/internal/projects/projects.org | 23 +++++++++++ README.org | 4 +- 4 files changed, 103 insertions(+), 2 deletions(-) create mode 100644 Examples/cyber-docs/external/cases/support.org create mode 100644 Examples/cyber-docs/internal/incidents/investigations.org create mode 100644 Examples/cyber-docs/internal/projects/projects.org diff --git a/Examples/cyber-docs/external/cases/support.org b/Examples/cyber-docs/external/cases/support.org new file mode 100644 index 0000000..2555dff --- /dev/null +++ b/Examples/cyber-docs/external/cases/support.org 
@@ -0,0 +1,40 @@ +#+TITLE: +#+AUTHOR: +#+EMAIL: + + +* Cases + +** Case Number#: 2023abd Date Created : 2023-01-10 +*** Vendor +Super Duper Cybers Corp. +*** Title +EDR broke compability with Windows 10 Version 21H2 +*** Description +We noticed issues with EDR endpoints when updating the database endpoint will lose internet. +*** Notes +:LOGBOOK: +- Note taken on [2023-06-18 Sun 21:24] \\ + Issue was first noticed when pushing updates to database +:END: +*** Questions +1. Can the update be bad? +2. Who was in charge of pushing out the update? +*** Solutions [50%] +- [X] Rollback update +- [ ] Check for degradation + +*** Email/Chat Logs +:LOGBOOK: +- Note taken on [2023-06-18 Sun 21:26] \\ + Me: What does boss say? + Dude: The boss says to fix ASAP! +:END: + +*** Debug/Troubleshooting Logs +:LOGBOOK: +- Note taken on [2023-06-18 Sun 21:27] \\ + New DB version 2.5 +- Note taken on [2023-06-18 Sun 21:27] \\ + Old DB version 2.4 +:END: diff --git a/Examples/cyber-docs/internal/incidents/investigations.org b/Examples/cyber-docs/internal/incidents/investigations.org new file mode 100644 index 0000000..614e106 --- /dev/null +++ b/Examples/cyber-docs/internal/incidents/investigations.org 
@@ -0,0 +1,38 @@ +#+TITLE: +#+AUTHOR: +#+EMAIL: + +* Investigations +** IN-PROGRESS Investigation#: Suspicious Powershell Command Date Created: 20230101 +:properties: +:export_file_name: 20230101_investigation_suspciouspowershell +:end: +*** Vendor +Super Duper Cybers Corps. +*** Title +Suspicious Powershell Command Executed by Finance Department +*** Assigned: +Eduardo Robles +*** Contacts +- Cyber Team +- Eduardo Robles +*** Description +Our IDR logged an a suspicious Powershell command executed from the Finance department. +*** Questions +1. Was this an intentional execution? +2. What is the purpose of the Powershell command? +3. Did anyone verify with I.T department regarding the Powershell command in question? +*** Solutions [%] +- [ ] Investigate the origin of the Powershell command +- [ ] Speak with employee who's work station is in question and their supervisor +- [ ] Flag the Powershell command as suspicious +*** Notes +:LOGBOOK: +:END: +*** Debug/Troubleshooting Logs +:LOGBOOK: +:END: +*** Email/Chat Logs +:LOGBOOK: + +:END: diff --git a/Examples/cyber-docs/internal/projects/projects.org b/Examples/cyber-docs/internal/projects/projects.org new file mode 100644 index 0000000..d1d8f49 --- /dev/null +++ b/Examples/cyber-docs/internal/projects/projects.org @@ -0,0 +1,23 @@ +#+TITLE: +#+AUTHOR: +#+EMAIL: + +* Projects +** Execute Network Scan for Vulnerabilities +:properties: +:export_file_name: 2023_network-vuln-scan +:end: +*** Description +Execute an NMAP on the network to find vulnerabilities +*** Scope: [%] +- [ ] Verify NMAP scan to find vulnerabilities +- [ ] Talk to Network team +- [ ] Talk to Administration/Management +*** Solution: [%] +- [ ] Scan the subnets provided by Network team +- [ ] Skip the scanning of web vulnerabilities +*** Notes +:LOGBOOK: +- Note taken on [2023-06-18 Sun 21:43] \\ + Find the documentation for NMAP +:END: diff --git a/README.org b/README.org index e15bc7c..81abccb 100644 --- a/README.org +++ b/README.org 
@@ -10,7 +10,7 @@ :PROPERTIES: :CUSTOM_ID: about :END: -In the cybersecurity work environment staying organized and good note taking is vital. You can track notes on incidents, investigations, support tickets, meeting, and much more. In my day to day work as a Cybersecurity Analyst I use [[https://www.gnu.org/software/emacs/][GNU Emacs]] and [[https://orgmode.org/][Org Mode]] to stay organized. The new and shiny applications that resemble this workflow are Obsidian, Notion, and LogSeq. The benefit of using GNU Emacs is you get to weave your documentation with actual code in a [[https://en.wikipedia.org/wiki/Literate_programming][Literate Programming]] kind of manner. This make collaboration and sharing easier and feature rich. +In the cybersecurity work environment staying organized and good note taking is vital. You can track notes on incidents, investigations, support tickets, meeting, and much more. In my day to day work as a Cybersecurity Analyst, I use [[https://www.gnu.org/software/emacs/][GNU Emacs]] and [[https://orgmode.org/][Org Mode]] plus a few other tools to stay organized. The new and shiny applications that resemble this workflow are Obsidian, Notion, and LogSeq. The benefit of using GNU Emacs is you get to weave your documentation with actual code in a [[https://en.wikipedia.org/wiki/Literate_programming][Literate Programming]] kind of manner. This make collaboration and sharing easier and feature rich. As explained by their concept of [[https://howardism.org/Technical/Emacs/literate-devops.html][Literate Devops]], Howard Abrams states: 
@@ -21,7 +21,7 @@ As explained by their concept of [[https://howardism.org/Technical/Emacs/literat 2. As an easy approach to compose emails to teammates when stuck. #+END_QUOTE -You can extend the concepts of Literate Programming and Literate DevOps to Cybersecurity work. You find yourself stuck during a Pentest? Just ~org-mime-org-buffer-htmlize~ to export the section your stuck and send to a coworker. Howard Abrams talks about using the power of [[https://orgmode.org/worg/org-contrib/babel/][Org Babel]] and [[https://www.gnu.org/software/tramp/][Tramp]] to work with servers, VMs, and remote machines. There is nothing stopping you from doing the same with these templates. Maybe this is the start of /Literate Pentesting/? +You can extend the concepts of Literate Programming and Literate DevOps to Cybersecurity work. You find yourself stuck during a Pentest? Just ~org-mime-org-buffer-htmlize~ to export the section your stuck on and send it to a coworker. Howard Abrams talks about using the power of [[https://orgmode.org/worg/org-contrib/babel/][Org Babel]] and [[https://www.gnu.org/software/tramp/][Tramp]] to work with servers, VMs, and remote machines. There is nothing stopping you from doing the same with these templates. Maybe this is the start of /Literate Pentesting/? *** Prerequisites :PROPERTIES:
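Review bot: the support.org hunk ships example text that readers will copy verbatim, so fix the typo and the garbled sentence before merge: `EDR broke compability with Windows 10 Version 21H2` should read `compatibility`, and `We noticed issues with EDR endpoints when updating the database endpoint will lose internet.` needs rewording (for example `EDR endpoints lose internet access after the database update is pushed`). The heading writes the date as `Date Created : 2023-01-10` while the investigations example uses `Date Created: 20230101` and carries a `:properties:` drawer with `:export_file_name:`; pick one date format and add the property drawer here too so exported case files are named consistently across templates. Minor: the vendor is `Super Duper Cybers Corp.` here and `Corps.` in investigations.org.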
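Review bot: `IN-PROGRESS` in `** IN-PROGRESS Investigation#: Suspicious Powershell Command Date Created: 20230101` is only treated as a TODO state if that keyword is declared; with Org's default keywords (TODO and DONE) it is plain heading text and will not show up as a state in agenda views or on export. Add `#+TODO: TODO IN-PROGRESS | DONE` to the file header, or document that users must set `org-todo-keywords`. Typos to fix in the same hunk: `suspciouspowershell` in `:export_file_name:`, `logged an a suspicious`, `who's work station` (should be `whose workstation`) and `I.T department`.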
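Review bot: the projects.org hunk records who to talk to but not what authorizes the scan: `- [ ] Scan the subnets provided by Network team` sits under Solution although it is really the scope, and the template would be more useful with explicit Scope items for the approved subnet list, the agreed scan window and who signed off, since running Nmap outside an agreed scope against production is the usual way such a project goes wrong. Also `Execute an NMAP on the network to find vulnerabilities` should read `Execute an Nmap scan on the network ...`, and `*** Scope: [%]` and `*** Solution: [%]` carry a trailing colon that the headings in the other two example files do not.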
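Review bot: since this README line is being edited anyway, fix the grammar that remains in the `+` version: `meeting` should be `meetings`, `This make collaboration and sharing easier and feature rich` should be `This makes collaboration and sharing easier and more feature-rich`, and `plus a few other tools` is vague; either name the tools or drop the phrase.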
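Review bot: `org-mime-org-buffer-htmlize` exports the whole buffer, not just the section you are stuck on; the subtree variant `org-mime-org-subtree-htmlize` matches what the sentence describes, and the distinction matters here because a pentest notes buffer often holds other findings or client data that should not go out in a quick email to a coworker. The line also still has `your stuck on` for `you're stuck on`, and `Just ~org-mime-org-buffer-htmlize~ to export` is missing its verb (`Just run ~org-mime-org-subtree-htmlize~ to export ...`).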