Skip to content

Month: May 2018

What Note Taking App is Best for PWK and OSCP?

A very common question in OSCP student chat rooms and channels I hang out in is “should I be using something other than Keepnote?”

It is a fair question considering Keepnote is recommended in the PWK course materials. However, you may notice that it hasn’t been updated in over 6 years, and has actually been dropped from recent Kali versions. I have heard tales of OSCP students’ notes getting corrupted and lost, which is not a good situation to face when you are paying for limited time to complete the coursework (and exam).

If you are starting down the PWK/OSCP path, you will soon realize that you will need to take a lot of notes. Not just on the course materials, but on every exercise you do and every machine in the lab that you work on. This includes screenshots, copy-pasted output from nmap and other tools, and the specific steps you took to conquer a box (and hopefully the steps that didn’t work, from which you can reference in the future).

It adds up quickly, and it’s a challenge to keep straight as you hack away at box after box in the lab. Being a person that has kept a keen eye on note taking apps in general, long before I got my OSCP, I have some recommendations, with pros and cons of each.

In no particular order (see my Recommendations at the bottom):

CherryTree

Learn more and download CherryTree here.

The Good

  • Hierarchical (pretty much unlimited depth)
  • Free, open-source software for Linux and Windows. You *can* get this to run on a Mac, but it’s buggy
  • Highly customizable through preferences and templates
  • Imports notes from tons of places, does some good exporting too

The Bad

  • Can’t paste images from the clipboard directly into notes
  • Not the greatest at embedding files in general
  • Not easily synced between devices/VMs
  • No Mac or mobile device support

CherryTree is like KeepNote in many ways, but it is has many more features and is actively maintained. If you are going to be solely storing and referencing your notes on one machine (your host or Kali VM), use this tool. The template feature is really awesome, and it lets you create a new note based on a template of your design. This means you could create a template for Lab VMs that you can quickly populate with data as you work on a given machine. You could do something similar for PWK exercises. It should make reporting much easier.

Evernote

Download Evernote here.

The Good

  • Feature rich app, integrates with Web Clipper browser extension
  • Windows, Mac, iPhone, Android native clients with web version for Linux
  • Is modern and hip, if that matters to you

The Bad

  • Costs $ if you want it to be any good. Free features seem to be waning as they push people into paying for the service
  • Lacks true hierarchical organization (uses tags instead of folders)

My struggles with Evernote have been well documented on this blog in the past, but some people still swear by it, so I thought I’d mention it here. They do make ease-of-access a priority, and you can get to your Evernote stuff from just about anywhere. Using it is easy until you need to organize things with any complexity, and for the PWK labs, you’d have to be OK with using the #tags instead of folders.

Microsoft Onenote

Download Onenote from Microsoft here.

The Good

  • Feature rich app, integrates with Onenote Clipper browser extension
  • Free Windows, Mac, iPhone, Android native clients with web version for Linux
  • Free version is not feature limited (just space, which hasn’t been a problem for me)
  • Excellent hierarchical organization via notebooks > sections > pages > sub-pages

The Bad

  • Some people feel it has a bloated interface
  • Exporting notes can pose challenges with formatting if you stray outside the pre-made lines

After many trials and tribulations, I ended up going all-in with Onenote for PWK/OSCP, and life in general. The ability to create multiple, separate notebooks (and choose which ones you want to see on which devices) has been my favorite feature. I can separate work from life from projects from shared stuff this way, and I still have a good amount of hierarchical ability to organize things.

Your Favorite Markdown Editor

I see people profess their undying devotion to markdown when the note-taking discussion comes up in various OSCP forums/chats, and I respect their decision and desire for simplicity. However, the one feature I used most, and I can’t imagine living without in the OSCP course, is the ability to paste a screenshot into a note. I did this so much that it would have driven me crazy to have to do anything else, and with markdown, you have to do some form of “save image/reference image via text in the note/embed via some other mechanism”. There are extra steps involved, and you can’t easily do the copy/paste thing.

Clippers/Screenshot Tools

Speaking of screenshots and the need to embed them in your notes, there are several options I would recommend depending on your choice of note taking apps and the platforms upon which you use them. Here are my top three:

  • Snap ‘n Drag Pro (Mac only). Awesome customization options, ability to edit captures (add arrows/highlight/blurs), automatically adds to clipboard.
  • Skitch – If you use Evernote, use this (unless you are on a Mac, see above)
  • Shutter – Native Linux screenshot app

For PWK, I found the Evernote and Onenote clipper browser extensions to be limiting in that they only let you clip things from your web browser, when I needed to clip terminal output most frequently.

My Recommendations

Because I am primarily a Mac user, I need good support for screenshot pasting, and I prefer hierarchical note structure for organization, I went with Onenote and Snap ‘n Drag Pro for my PWK and OSCP work. I continue to use these two tools in my personal and professional life, too.

If I were not a Mac user, I’d go with CherryTree and Skitch.

Have any opinions or additional input about all of this? Let me know in the comments.

Does Your Business Need a Mobile App?

When the first startup our businesses, we usually focus on our foundation. This can include things like the product you offer, the message you want to give to your audience and also the type of industry that you want to be a part of. There are many considerations when it comes to building a business from scratch, and you usually want to focus on these important points first.

However, once you start growing your business, you’ll realize that there are far too many ways to improve your company and you might get lost in the decision making. Do you try to expand your lineup of products, do you refine what you currently have or will you decide to branch out into other industries?

One of the most underrated ways of growing your business is to actually develop a mobile app. Mobile apps are all the rage now because more and more people are letting go of their computers and laptops in favor of tablets and smartphones. They can do all of their work on smaller devices and they’re more likely to use their phones to browse the internet and get on social media.

You can take advantage of this by making your own mobile app, but how would you approach it and does your business really need one? Let’s find out.

What Would the Goal of Your App Be?

Let’s start with the basics: what would the goal of your app be? What do you aim to accomplish with the app? If you’re not sure about your options, then here are a couple of considerations:

  • Grow your business’s brand image.
  • Extend your reach to customers that wouldn’t normally use your services.
  • Provide an extension to existing services.
  • To facilitate a loyalty scheme that promotes customer loyalty.
  • To increase the number of customers you have.
  • Allowing customers to engage with your business better.
  • Improved connectivity between you and your clients.
  • To improve the customer experience.
  • Provide customers with unique offers and discounts.

These are just a few example goals of what the goal of your app would be. It’s best to take these all into consideration because the type of app you create is ultimately going to change depending on your goals. Some companies might want to focus on growing their brand image first, while others might focus on improving the customer experience.

Consider the Costs of Software Development

Now that you’ve taken a look at the common goals of a business app, let’s examine the costs involved. For starters, enterprise software development doesn’t come cheap but it does come with many advantages. You get a far more professional service than the alternatives and you can plan your app with the development team to ensure you’re getting the best features.

However, if you only need a small app then you might want to consider hiring a freelancer to do it for you. There’s no guarantee that they can help you manage it, however. Keep this in mind when planning out your software development and remember that cost is a big factor. It can sometimes be worth taking out a loan just to pay for the development of your app, but make sure you speak with your financial manager to determine the return on investment you can expect to receive.

Reasons to Have a Mobile App

Now that we’ve got a goal and we’ve considered the costs, let’s take a look at why you should be developing a mobile app for your business.

 

  • Better Product Value – When you attach additional services and offers to every product you sell, you’re boosting the value of those products through the use of your mobile app and creating a better value prospect.
  • Improve Brand Image – By having a mobile app with your business, you greatly improve your brand image and reputation. Almost every large business with a well-known name has some kind of mobile app that extends their services and assistance.
  • Boosting Web Traffic – Because many mobile users also focus on using the web on their phones, you’re more likely to get increased web traffic as well.
  • New Sources of Revenue – Apps can be used to secure new sources of revenue such as microtransactions. These are more common in video games and software apps, but there are many useful applications of having microtransactions.
  • Social Media Integration – Social media is a brilliant platform to advertise on and having social media integration in your app makes it much easier to take advantage of.
  • Listening to Customer Feedback – Using an app is a great way to listen to customer feedback. You can ask your customers questions, you can present them with surveys or you could even allow them to send feedback to you through your app.
  • Improving the Overall Experience – An app can greatly enhance the overall customer experience if used correctly. For instance, a software app could be a companion to your services. If you’re a delivery service, then you could use a mobile app to track deliveries that your clients and customers have sent or are expecting to receive.
  • Show Your Customers You Care – An app can do a lot if used correctly. You can show your customers that you care about their service by attaching an app to your business that allows them easier access to your products or guidance when they’re in need.

 

Some Final Words

Having a mobile app is a great way to grow your company. While it can get quite expensive to develop an app, it’s an expense that is worth the money thanks to all of the fantastic advantages that it offers. Whether its’ growing your customer base with an easy-to-use app or offering them additional services through the use of it, customers are usually always willing to download your app just to get some additional benefits.

4 Great Apps for Bringing Some Harmony to Your Life

Life just tends to get a bit rough sometimes. Even if there’s nothing explicitly going wrong at any given moment, the normal grind of daily responsibilities, chores, and expectations can end up wearing us pretty thin, to the point where we’re pretty ready to throw our hands up in the air and have a minor breakdown.

Part of this stress is just the inevitable cycle of ups and downs that comprise the human experience. Some of it is due to the way our lives are structured in the hectic 21st Century, where internet, tv, and smartphones all keep us permanently hooked into the neverending flow of information and obligation.

Luckily — whatever the cause of your personal stress and irritation — technology can also offer you some soothing solutions. Even if you run a software development company and are pretty sure you know your way around the block, these life-aiding apps are worth looking into.

Calm — for learning to meditate and keeping up a routine daily practice

There are many meditation apps out there — some more modern, and some more esoteric than others. Calm is one app which strikes a brilliant balance between the structure required to make progress in learning a skill, and the easygoing and fee atmosphere that defines the clearheaded mindfulness meditation is meant to inspire in the first place.

With the Calm app, you can enjoy a series of restful backgrounds and side effects, benefit from short “Daily Calm” meditation sessions focused on different themes, and even listen to soothing sleep stories to help you doze off promptly at night.

Then there’s the database of meditations. These are broken into individual sessions and “courses”. You can do any number of courses at the same time, and switch between them without any hassle, but it’ll generally be in your best interest to see a course through promptly once you’ve started it.

An intuitive calendar feature shows you your best and current meditation streaks, and nudges you gently to stay on track.

Meditation has been demonstrated by scientific research to be effective at enhancing calm and feelings of wellbeing. With the Calm app, you can start enjoying those benefits pretty much immediately.

Habitica — for forging positive habits (and breaking bad ones)

Habitica — formerly known as HabitRPG — is the perfect nerd-friendly solution for anyone beset by bad habits and an inability to properly stay focused on the task at hand.

Habitica “gamifies” habit-mastery in an intuitive and deeply fulfilling kind of a way. You have a pixel-art virtual avatar, equipment for him or her, a shop to buy new items from, gold, levels and experience points.

The way the app — or game — works is that you create tasks across three different category sections. “Habits”, “Dailies”, and “To-Dos”. Completing tasks in each of these areas will reward you with experience and gold.

“Habits” are, well, your habits. You should include both habits you want to reinforce and habits you want to undo, here. For a positive habit, every time you perform it throughout the day you can click a plus button for a boost of XP. For negative habits, you press a minus button and lose health. The idea here is that you combine positive and negative reinforcement to re-shape your habits and guide you towards a better, more uplifting lifestyle.

“Dailies” are recurring tasks that you need to perform on a daily basis. “To-Dos” are one-off tasks that you need to achieve in general.

If you struggle with mastering your routine and habits, maybe turning your life into an RPG could be the ideal solution.

Nozbe — for getting tasks out of your head and into a system

Nozbe is a project management app based on David Allen’s world famous “Getting Things Done” productivity system. The essential philosophy behind the system is simple; humans are very good at coming up with ideas, but not good at remembering them. Trying to keep all of our goals and tasks stored in our heads, therefore, is a quick road to stress, under-performance, and disaster.

Nozbe deals with these issues simply and intuitively. Every idea you have that seems significant should be turned into a rough task or entry in your “inbox”. When you have a free moment, you should process your inbox, delete irrelevant or non-actionable tasks, and turn those which are actionable into “projects”. Once turned into projects, these tasks then move to a separate panel.

For each project, you then add tasks that must be completed in order for the project itself to be completed. Then, for each project, you select a “next action” out of all the available sub-tasks.

These selected “next actions” then appear on a “priority” panel.

So, in a few simple steps, you’re able to collect your tasks, categorise them, and identify the next actionable step you should be taking. It’s a real load off the mind, so to speak.

YNAB — for managing your budget on the go

Financial issues are perhaps the single biggest source of stress out there, and having to page through stacks of old receipts to identify your spending habits and plan your budget going forward isn’t any fun.

You Need a Budget — or YNAB — is a browser and app-based service that follows the principles of zero-based budgeting, and allows you to stay on top of your spending, and manage your finances, virtually effortlessly. Transactions can be automatically imported from your online banking to YNAB, or can be entered manually, either while at home or when out and about.

Your income appears as a “to budget” amount which you then assign to different categories of your choosing, such as “parking”, “fun money”, or “bills”.

By planning how each penny of yours is assigned, and then tracking your expenses to make sure you’re sticking to the script, YNAB can remove a lot of the uncertainty and worry from your financial life.

5 Ways To Maximize Your Data Security

The world of business tech is advancing at such a rapid rate and with it, cybersecurity is progressing massively. The improvements in technologies have their benefits, but the downfalls are that they are also helping out the hackers and criminals floating around the cyber world. The data security loopholes can be easily exploited with the tech know-how among cyber criminals, which means that as a small business, you have to be on the ball with your security. It’s an increasing worry with small businesses when it comes to data, because while you’re not a large corporation, you are going to be far more at risk than the bigger players in the industry. This is largely due to the fact that as a small business, you are less likely to spend your budget on increased IT security.

You can manage your data far better when you need to protect it and maximise your data security and this includes things like updated software, better technologies and preparation with your precautionary measures. When you are a small charity, data management software similar to what you can get from Global Faces Direct is so important for not only managing your donors but keeping their information as secure as possible in the face of a security breach. This goes for any small company; using an outsourced business to look after your data can do wonders if you are a victim of a cyberattack.  The thing is, protecting data just doesn’t protect the data. It also protects the core of your business and the entire framework. If you’re not working to take care of your sensitive information, you’re going to leave your company open to people coming in and taking what is not theirs. With that in mind, here are five ways to maximise your data security and protect your business as much as possible.

Limit Access. While it’s nice to trust people with access to the sensitive data on your business server, this is not something that you should be giving out to everyone around you. A lot of organisations – including yours – likely give out privileged information to a large number of employees. Have you ever considered only doing this for the management team and those that ‘need to know’? Limiting the access to your sensitive data doesn’t just help your business, but it helps you to understand exactly who has the access to it. This can then be helpful in the incident of an internal security breach and makes it easier to narrow down a culprit.

Know What’s Sensitive. Businesses have a lot of data floating around out there, but if you don’t quite know what is classed as sensitive, then you should really start looking into that. This will mean that you have the right information when you need it and will give you the chance to allocate more security to that information as you need to. It may only be about 5% of your business data that is crucially sensitive, but it’s this information that could bring your business to its knees.

Prepare Security Policies. No one wants to think about what would happen in the event of a cyberattack but preparing your policies to mitigate you in the circumstances of it happening will be a huge help. It will impact your response to an incident as well as help you to carve out your reaction to extreme security breaches. You’ll also know which information has been breached right off the bat, helping you to manage your response.

Password Management.  Every employee in every department of your company needs to have a strong password allocated to them by the system instead of allowing staff to choose their own. Sensitive data should be buried under lock and key, only accessible with passwords and multiple codes. Doing this can make a huge difference to the response time when a breach happens and can also help you to locate where things have gone wrong; whether internally or from the outside.

Back-Up. Regular security checks on your data as well as a regular backup (think daily!) is going to make life much easier for you in the event of a breach. You will be able to get your information back quicker and secure it so that it’s not wiped completely from the cyber universe.

Being a successful business means being awake to the issues that present when it comes to your data. You need to know the risks as well as the benefits of protecting your information.