Cybersecurity Work Org Mode Templates

About

In cybersecurity work, staying organized and taking good notes are vital. You can track notes on incidents, investigations, support tickets, meetings, and much more. In my day-to-day work as a Cybersecurity Analyst, I use GNU Emacs and Org Mode, plus a few other tools, to stay organized. The new and shiny applications that resemble this workflow are Obsidian, Notion, and Logseq. The benefit of using GNU Emacs is that you get to weave your documentation together with actual, executable code in the manner of Literate Programming. This makes collaboration and sharing easier and more feature rich.

Explaining his concept of Literate DevOps, Howard Abrams states:

While my literate devops approach shouldn’t replace real DevOps (OpsDev?) automation, I have found this approach useful for two reasons:

  1. As a good way to take notes before writing a cookbook.
  2. As an easy approach to compose emails to teammates when stuck.

You can extend the concepts of Literate Programming and Literate DevOps to cybersecurity work. Find yourself stuck during a pentest? Just run org-mime-org-buffer-htmlize to export the section you're stuck on and send it to a coworker. Howard Abrams talks about using the power of Org Babel and Tramp to work with servers, VMs, and remote machines: a source block whose :dir header points at a Tramp path runs on the remote host, and its output is written back into your notes. There is nothing stopping you from doing the same with these templates. Maybe this is the start of Literate Pentesting?
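As an added example (not part of this repo's templates), the Org file below shows the Org Babel plus Tramp workflow described above applied to pentest notes. The host names, user name and commands are assumptions for illustration. Setting header-args:shell as a subtree property sends every shell block under that headline through Tramp with the given :dir, so C-c C-c on a block runs it on the remote machine and inserts the output under a #+RESULTS: line in the same file.

```org
* Recon: target.example                                        :pentest:
:PROPERTIES:
:header-args:shell: :dir /ssh:audit@jump.example:~/ :results output :exports both
:END:

Everything under this headline executes on jump.example (assumed host)
because of the =:dir= Tramp path in the property drawer. =:exports both=
keeps code and output when the subtree is exported or sent with org-mime.

** Listening services on the jump host
#+BEGIN_SRC shell
ss -tlnp 2>/dev/null | awk 'NR > 1 {print $4}' | sort -u
#+END_SRC

** Quick reachability check of in-scope hosts
Reusing the subtree header args, but a per-block header can override them:
this one runs locally (no =:dir=) and is kept out of the notes file.
#+BEGIN_SRC shell :dir ~/ :results silent
for h in 10.0.0.5 10.0.0.6; do   # constructed sample addresses
  if ping -c 1 -W 1 "$h" >/dev/null 2>&1; then echo "$h up"; else echo "$h down"; fi
done
#+END_SRC

** Notes for the coworker I am about to email
Stuck on the next pivot from here: see the service list above.
```

Two practical caveats: captured output lands in the note file, so anything sensitive a command prints (credentials, hashes, tokens) is now in your notes and in whatever you org-mime to a colleague, which is why the second block uses :results silent; and the Tramp path uses your normal SSH configuration, so the same host keys, agents and jump-host rules apply as for a plain ssh session.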

Prerequisites

  • GNU Emacs 26+
  • Org Mode

Installing

  • Download this repo and place the templates in your template directory, or wherever you see fit.
  • Create the main document that your capture templates will be “captured” into. 1.
  • Set up your Org Capture templates to use these template files.

    For example:

    ;; Each entry is: key, description, type, target, template.
    ;; `file+headline' files the new entry under the named headline of the
    ;; target file; the `(file ...)' template form reads the template text
    ;; from that file, so for an `entry' type the file must begin with a
    ;; headline ("* ...").
    (setq org-capture-templates
          '(("t" "Todo" entry (file+headline "~/Org/log.org" "Tasks")
             (file "~/templates/todo.org"))
            ("c" "Contact" entry (file+headline "~/Org/contacts.org" "Work Contacts")
             (file "~/templates/contacts.org"))
            ("s" "Support Case" entry (file+headline "~/documents/external/vendor_supportcases.org" "Cases")
             (file "~/templates/supportcases.org"))
            ("p" "Projects" entry (file+headline "~/documents/internal/projects/projects.org" "Projects")
             (file "~/templates/project.org"))
            ;; Issues are filed under the same "Projects" headline as projects.
            ("e" "Issues" entry (file+headline "~/documents/internal/projects/projects.org" "Projects")
             (file "~/templates/issue.org"))
            ("i" "Investigations" entry (file+headline "~/documents/internal/incident/investigations.org" "Investigations")
             (file "~/templates/investigations.org"))
            ("m" "README" entry (file+headline "~/Org/READMES/all_readme_files.org" "READMES")
             (file "~/templates/README.org"))))

Usage

You can create your own files to capture data into. For example, I use the following scheme:
  • /documents/incidents/investigations.org

Then I capture all my data into investigations.org, where each captured entry gets timestamped.
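As an added example (this is not the repo's own investigations.org template, whose contents are not shown here), the file below is what a template file referenced by the "i" capture entry above could look like. It uses standard org-capture expansion: %U inserts an inactive timestamp at capture time, %^{...} prompts for a value (a | list gives completion choices), %^g prompts for tags, %a inserts a link to where you were when you called org-capture, and %? places the cursor once the entry has been filed. The property names and sections are assumptions.

```org
* %^{Investigation title} %^g
:PROPERTIES:
:CREATED:  %U
:CASE_ID:  %^{Case ID}
:SEVERITY: %^{Severity|Low|Medium|High|Critical}
:STATUS:   Open
:END:
** Summary
%?
** Indicators
| Type | Value | Source | First seen (UTC) |
|------+-------+--------+------------------|
|      |       |        |                  |
** Timeline (UTC)
- %U :: Investigation opened
** Actions taken
** Evidence and links
%a
```

With the "i" entry from the Installing section, C-c c i prompts for the title, tags, case ID and severity, files the expanded entry under the "Investigations" headline of investigations.org, and leaves you in the Summary section. Because %U expands when the capture buffer is created, the CREATED property and the first timeline line record when the investigation was opened, not when you finished editing. Keep the timeline in UTC so it lines up with log sources without conversion.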

Authors

Eduardo Robles - Idea and Initial work

Acknowledgements

  • Literate DevOps by Howard Abrams

License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0).

Contributions

You can Buy Me A Coffee or tip with some Sats ⚡.