Week 11 graded lab. No new technical work. Input: findings from Labs 7-10 and the midterm.
Learning objectives
- Apply the five-part finding format to real lab findings
- Write an executive summary readable by a non-technical decision-maker
- Give and receive peer review on technical writing clarity
Phase 1: Draft five findings (2 hr)
From your Labs 7-10 output and the midterm, select your five best findings. "Best" means: clearly evidenced, manually verified, and representing a range of vulnerability classes.
Minimum coverage requirement:
- At least one finding from infrastructure exploitation (Week 7: vsftpd, UnrealIRCd, or Samba)
- At least one finding from web application exploitation (Week 8: SQLi, XSS, IDOR, or file upload)
- At least one finding from post-exploitation or lateral movement (Week 9 or 10: privesc path or credential reuse)
For each finding, write the full five-part structure:
```markdown
## Finding [N]: [Descriptive title]
**CVSS v3.1:** [X.X / Severity] | **Vector:** `CVSS:3.1/AV:.../...`
**Affected system:** [hostname or IP]:[port]/[service and version]
**CVE:** [CVE-YYYY-NNNNN] or "N/A (misconfiguration)"
### Description
[2-4 sentences. What is the vulnerability? Why does it exist?
No unexplained tool names or CVE numbers in this section. Write
for a reader who knows what "web server" means but not what "vsftpd" is.]
### Evidence
[Numbered reproduction steps. Each step includes the exact command
and the key output or screenshot reference.]
1. From Kali at 192.168.x.5, run: `<exact command>`
2. The response shows: `<exact output excerpt>`
3. Screenshot A confirms root-level access: see Appendix A, Figure [N].
### Business Impact
[One paragraph. What does an attacker gain? What does the client lose?
Translate: "root shell" = "complete control of the system and all data it stores."
Make the connection to the client's specific business context.]
### Remediation
[Specific. Actionable. Not "upgrade software."
Name the specific patch, configuration change, or architectural fix.
Include how to verify the remediation is successful.]
```
Phase 2: Draft the executive summary (30 min)
Write a one-page executive summary:
Format:
```markdown
## Executive Summary
### Purpose
[One sentence: why was this engagement conducted? Reference the fictional
scope (Meridian Financial Partners or the specific lab target).]
### Overall Risk Posture
[High / Medium / Low with a one-sentence rationale. "The tested environment
presents High risk. Multiple services were exploitable without authentication,
and credential reuse enabled movement to a second host within the same network."]
### Most Significant Findings
[Three findings in plain English. No CVE numbers, no tool names, no jargon.
Each: what was found, what an attacker could do with it, recommended urgency.]
1. **[Finding title, plain language]:** [2 sentences. What it is and why it matters.]
2. **[Finding title, plain language]:** ...
3. **[Finding title, plain language]:** ...
### Recommended Actions
[A prioritized list of the three to five actions the client should take,
from most urgent to least. Each action is one sentence.]
```
The Weidman test
Read your executive summary aloud. Would a non-technical business owner understand:
- What is at risk?
- How urgent is it?
- What should they do first?
If the answer to any of these is "no," rewrite.
Phase 3: Peer review (30 min, in-class)
Exchange your five findings and executive summary with a peer. As a reviewer, answer these three questions for each submitted document:
Findings review:
For each of the five findings:
- Can I reproduce this from the Evidence section alone? If not, what is missing?
- Is the CVSS vector string present and does the score match the vector?
- Is the remediation guidance specific enough to be actionable? (Test: could the client's IT team implement it without calling you?)
Executive summary review:
- As a non-technical business owner, do I understand what I need to fix and why?
- Does the Overall Risk Posture claim match the findings?
- List any term that requires security background to understand without explanation.
Return your written feedback before the end of lab. Include at least one specific comment on each finding and at least three comments on the executive summary.
Phase 4: Revise
After receiving peer feedback, revise:
- Address every "cannot reproduce" comment in the findings
- Rewrite any executive summary language that required security background
- Verify all five CVSS vector strings against the NVD calculator
Deliverable
A single PDF or Markdown document:
- Executive summary (revised)
- Five findings in five-part format (revised)
Formatting requirements:
- Headings use Markdown `##` and `###` consistently
- Code blocks use triple-backtick fences
- Screenshots are embedded or referenced as numbered figures in a Figures section
- Document is spell-checked (Firefox grammar check or `aspell -c <file>`)
This document is the direct prototype for the capstone report. The capstone report format is an extension of this format with a Methodology section, Remediation Roadmap, and Evidence Appendix added.