How to take hacker notes

Smart note-taking makes a measurable difference when it comes to hacking.

Taking good notes is a useful skill; there is certainly some art and science in it. Within the world of cyber-security, there's a lot to learn and you can't possibly be expected to accurately recall it all.

This is why taking good notes is important.

You could use post-it notes, but they're not very searchable or portable. You could use a notebook, it's not very searchable but it's very portable. The best option is to use something like GitBook.

There is just too much going on when you’re hacking to try and remember every single command and useful option for every service you come across. I doubt I would have passed my OSCP first time without an effective note-taking system. So here we go, my three-step process for taking great notes:

Use GitBook or Notion

Using one of these apps means your notes will be searchable. When you have good search functionality for your notes, you’ll never have an issue finding that command you were looking for. I made a video on how I use GitBook to keep notes:

Structure your knowledge

Your notes will benefit from having a little structure. It doesn't need to be too rigid because you're going to use the search feature to find what you need for the most part. However, you could use the MITRE ATT&CK headings to structure your pages. They are:

  • Reconnaissance
  • Resource Development
  • Initial Access
  • Execution
  • Persistence
  • Privilege Escalation
  • Defensive Evasion
  • Credential Access
  • Discovery
  • Lateral Movement
  • Collection
  • Command & Control
  • Exfiltration
  • Impact

If you’re new to all this, don’t worry, you can read more about MITRE ATT&CK by visiting their website.

If you want to just keep it simple, you could do something like this:

  • Enumeration
  • Exploitation
  • Privilege Escalation
  • Shells

Make it rich

People learn in different ways. So if you’re a visual person, you might benefit from including YouTube videos, Twitter threads and blogs in your notes. If you find a great resource like a write-up on how to do something, there’s no harm in embedding it in your notes.

If you make an impressive collection of beautiful notes and you’d like me to share it with my audience, feel free to drop me a message on LinkedIn and we can fit it into my publishing schedule.

Most popular
Improve your cyber knowledge in less than 5 minutes a week

Receive weekly news and insights in your inbox. Don't miss out!

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.