To begin, I would like to present a quote from the great Adam Savage:
“The only difference between screwing around and science is writing it down”
This encapsulates my feelings on the note taking practice and also serves as a TL;DR (too long; didn’t read) for this whole post. That being said, what I’m about to go into can be organized into the following categories:
- Why You Should Take Notes
- Digital vs. Physical Notes
- Important Notes to Take
- Converting Notes Into Write-ups 101 (where permitted)
Why You Should Take Notes
You’re probably asking yourself, “Why should I even take notes?” The last thing you want to do while trying to solve a difficult challenge is to try and jot things down. While working on anything technical, it’s very important to (at the very least) have some form of documentation for what was done. For capture-the-flags (CTFs) and generalized computer hacking, notes are important for several reasons:
- Good notes make for good write-ups.
- Notes allow you to look back at your failed attempts and learn from them.
- Notes can help you organize your thoughts.
- When you run into the same problem in the future, you might not remember how you solved it, but you can certainly look it up in your own notes!
Fundamentally, my opinion is that “effective note taking” is when you write in such a way that you can easily look back on what you did and learn from it. For some, this could mean writing down only the necessary information, but personally I tend to write very long and verbose notes. There is a single underlying rule for how I judge what I’ve written — how well can what I’ve written explain to someone else how to accomplish a task. If you can use your notes to effectively explain a concept to someone else, then they’re good notes.
That being said, the notes you write in the middle of a competition don’t have to be of write-up quality. You can always take brief notes during the competition and rewrite those notes later (so they make more sense out of context).
Digital vs. Physical Notes
Both physical and digital notes have their pros and cons.
Using a pen and paper allows you to easily doodle in your notes and jot down mathematical equations. Digital note taking, on the other hand, has some features that I love. I can back up my notes, copy and paste text, include images, and (depending on the software) I can actually write and run code in a notebook (a big shout out to Jupyter Notebooks). That being said, I have yet to find a way to express mathematical equations in a quick and simple way using a digital note taking app. It tends to be a thorn in my side when it comes to quickly expressing mathematical functions.
For simplicity’s sake, I am going to be using Evernote as the reference for digital note taking because it supports quick note sharing, has a web UI, has syntax support similar to markdown, and has a good set of organizational features. I recommend using Evernote if you’re working in a team setting. However, if you are working alone or you don’t have to worry about sharing notes with others, I would recommend using Jupyter.
Important Notes To Take
Deciding what needs to go into notes can be a challenging process. When taking notes on a particular problem I tend to jot down the initial information I’m given and any information found during reconnaissance.
This includes, but is not limited to, the following:
- The challenge description
- Any domain or IP address that has been provided
- If it’s a crypto challenge — the cipher text
- If it’s a challenge dealing with a binary — the output of the file command
- Any timestamps or dates available
- Any scanner output
- Any URL parameters or interesting traffic
The next stage in my note taking involves looking at the above information and seeing if I can formulate a hypothesis on how to solve the challenge. For me, this is a one or two sentence description of what I think might be the most likely avenue of attack. For a crypto challenge, it may look something like:
“The cipher-text looks to be the representation of something in a different numerical base. Maybe I will try throwing it into CyberChef.”
Every time you attempt a challenge, make sure to take notes for each unique attempt you make.
Always preserve the failed attempts in your notes!
Just because an attempt failed doesn’t mean that you can’t learn from it. Keeping a record of what did and did not work allows you to improve future attempts at similar challenges.
Here are some things you should probably include about each attempt:
- Any tools used (Links to them are nice, but not needed)
- Links to any websites you referenced
- Any code you wrote (preferably with comments so you can decipher it later!)
At the end of your notes, you should include what the correct solution was and a brief explanation as to why it works.
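To make the structure above concrete, here is an added example (not from the original post) that works the crypto hypothesis about numerical bases in Python, the kind of cell you could run in a Jupyter notebook, and records every attempt with its tool and outcome, failures included, before stating the solution. The ciphertext is constructed for illustration, and the function names are hypothetical.

```python
# Constructed sample ciphertext (not from any real challenge): space-separated tokens.
CIPHERTEXT = "146 154 141 147 173 142 141 163 145 70 175"
HYPOTHESIS = "Tokens look like character codes written in some numerical base."


def try_base(tokens, base):
    """Decode each token as an integer in `base`; raise ValueError if unreadable."""
    text = "".join(chr(int(tok, base)) for tok in tokens)
    if not all(32 <= ord(ch) < 127 for ch in text):
        raise ValueError("decoded values are not printable ASCII")
    return text


def run_attempts(ciphertext, bases=(2, 8, 10, 16)):
    """Try every base and record each attempt, keeping the failures."""
    tokens = ciphertext.split()
    attempts = []
    for base in bases:
        entry = {"base": base, "tool": f"python int(token, {base})"}
        try:
            entry["result"] = try_base(tokens, base)
            entry["outcome"] = "readable"
        except ValueError as exc:
            entry["result"] = None
            entry["outcome"] = f"failed: {exc}"
        attempts.append(entry)
    return attempts


def render_notes(hypothesis, attempts):
    """Lay the notes out as: hypothesis, every attempt, then the solution."""
    lines = ["Hypothesis", hypothesis, "", "Attempts"]
    for number, entry in enumerate(attempts, 1):
        lines.append(f"{number}. base {entry['base']} ({entry['tool']}): {entry['outcome']}")
    solved = [e for e in attempts if e["outcome"] == "readable"]
    lines += ["", "Solution"]
    lines += [f"base {e['base']} decodes to {e['result']}" for e in solved] or ["unsolved"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_notes(HYPOTHESIS, run_attempts(CIPHERTEXT)))
```

The three failed bases stay in the output with the reason each one was ruled out, which is the part you will want when a similar challenge shows up later.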
Converting Notes Into Write-Ups 101
Okay, so you’ve finished the challenge you were working on and now you want to do a write up. First, it’s awesome that you want to put the extra work into making a write-up! Second, if you took good notes it’s going to be a cake walk. As a disclaimer, this is not a full blown guide to writing write-ups, but merely a quick way to turn your notes into something publishable.
Quick Note from CryptoKait: Please remember that you can ABSOLUTELY do a write-up on any challenge in the NCL Games. That being said, you cannot publish those write-ups. It’s in the terms and conditions you agree to in the games. That being said, it can be really good practice. Also, you can always submit it to the NCL Player Ambassadors and we can appeal to NCL and Cyber Skyline to see if you can publish it here (with credit, of course!)
As a general outline for write-ups, I use the following:
- Summary and Overview
- Initial Findings
- Formulating an Attack Strategy
- Why This Methodology Worked
- The End Solution
- A Final Overview (including thoughts about the challenge)
- Relevant Links and Resources
You can copy over the notes you took during recon into the initial findings. From there, you can clean up the spelling and grammar and create a more detailed explanation of the findings.
For the third and fourth sections, you can copy the notes from the successful attempt and then further expand on why the attack actually worked. In reference to the cryptography example I used earlier, you could briefly explain how different number bases are used to represent alphanumerical characters.
The fifth section should be either the text for a flag or a picture proving access with a brief description as to what the reader is looking at.
The first and sixth sections will be similar, but should be worded differently. With the sixth section, you can also take the liberty to talk about what you learned during the challenge.
Finally, the last section is just a collection of useful links. These links can be anything from blog posts you used as references to download pages for a particular tool.
If you follow these steps, you should have a halfway decent write-up on your hands!
Now go hack some things and take notes while doing it all for science.
With love and root shells,