search

πŸ”How to Write Up a Finding

hashtag
🎯 Overview

Findings are the "meat" of penetration testing reports - showcasing discovered vulnerabilities, exploitation evidence, and remediation guidance. Detailed findings help technical teams reproduce issues, validate fixes, and support post-remediation assessments.

hashtag
πŸ“‹ Essential Finding Components

hashtag
πŸ” Required Elements

# Minimum finding information:
1. Description           # Vulnerability explanation and affected platforms
2. Impact               # Risk if left unresolved
3. Affected Systems     # Specific hosts/networks/applications
4. Remediation         # Actionable fix recommendations
5. References          # External resources for additional information
6. Reproduction Steps  # Evidence and step-by-step validation

# Optional elements:
- CVE numbers
- OWASP/MITRE IDs
- CVSS scores
- Ease of exploitation
- Attack probability
- Additional context

hashtag
πŸ“Š Finding Structure Template

hashtag
πŸ” Evidence Best Practices

hashtag
πŸ“Š Reproduction Steps Guidelines

hashtag
πŸ“· Screenshot Standards

hashtag
πŸ’» Terminal Output Presentation

hashtag
πŸ“ Remediation Best Practices

hashtag
βœ… Good Remediation Examples

hashtag
❌ Bad Remediation Examples

hashtag
🎯 Sample Finding Examples

hashtag
πŸ”‘ Kerberoasting Finding

hashtag
🌐 Web Application Finding

hashtag
πŸ” Quality Reference Selection

hashtag
βœ… Good Reference Sources

hashtag
❌ Poor Reference Sources

hashtag
🎯 HTB Academy Lab Solution

hashtag
Lab Question

hashtag
WriteHat Tool Practice

hashtag
πŸ”§ Professional Writing Guidelines

hashtag
πŸ“ Language Standards

hashtag
🎯 Client Consideration

hashtag
πŸ’‘ Key Takeaways

  1. Detailed findings enable technical team reproduction and validation

  2. Evidence quality must be completely defensible

  3. Remediation recommendations should be specific and actionable

  4. Professional language essential for client credibility

  5. Multiple solution options accommodate different budgets and capabilities

  6. Reference quality affects long-term finding usefulness

  7. Consistent formatting improves report readability and professionalism

Well-written findings combine technical accuracy with clear communication, providing clients with actionable intelligence for vulnerability remediation and security improvement.

PreviousComponents of a ReportNextReporting Tips and Tricks

Last updated