From Chaos to Clarity: Organizing Data With Structured Formats

Organising penetration testing data 🤓

Sometime ago, our team (Targeted Ops) at TrustedSec began defining models for information we see daily as consultants - this consists of Users, Domains, Computers, and so on. The library supporting these models provide an enrichment and combination backend which allows us to collect data from disparate tools and connect them all to individual objects. Say you are doing Subdomain OSINT - then massdns, subfinder, and amass will all produce output. The library will be able to parse the output of these tools into a standardised models which combine into individual objects - this allows us to easily see the bigger picture of the data we have available. In this blog, I detail some of the reasoning and dive into a bit of the backend of this project. Capability Devs: Please standardise your output 💖

PreviousExecution Guardrails: No One Likes Unintentional Exposure NextMaelstrom #7: Static OpSec Review

Last updated 2 months ago