Most of us have a cheat sheet [CS] here and there. In my jump bag there is a 3 ring binder with cheat sheets in plastic sheet protectors. In this, it got me thinking about cheat sheets again and there are a few things to share. First, we have wrote about them many times over the years (located with site:isc.sans.edu Cheat Sheets) [1] [2] [3] [4] [5]. There are also a series of cheat sheets all over the ‘intertubes’ [6] [7] [8] and lets not forget the great list of CS at Packet Life [9]. There are even GIT repositories of CS [10]. Note: From here On, I am talking about an Apple OS X only App. If someone wants to contribute something similar for Linux and Windows email me ( rporter at isc dot sans dot edu ) or twitter @packetalien and I will post an update. One common thing that has been bothering me as of late is ‘search-ability’ and ease of getting to quick answers in a cheat sheet. Then I thought about possible solutions and wanted to share. For other coding references there is Dash [11] which I use heavily and they have tons of cheat sheets [12]. While sitting in a SANS 572 Advanced Network Forensics, it hit me, write a Packet Forensics CS, to the Dash Docs Batman. As it turns out, the format is easy to understand and based in Ruby [12] and there is a Ruby gem called Cheatset [13] that has great samples. Here is a screenshot of what I’ve got so far, and this cheat sheet will be for packet "forensicators": There will be more to come as time permits and if anyone is interested in the source or docset for this and or would like to contribute email me ( rporter at isc dot sans dot edu ) or twitter @packetalien. A final note, when doing forensics on a case, it is always good to have references handy! [1] https://isc.sans.edu/diary/2+Cheat+Sheets+for+Incident+Handling/5354 [2] https://isc.sans.edu/diary/Cheat+Sheet%3A+Analyzing+Malicious+Documents/7705 [3] https://isc.sans.edu/diary/New+and+updated+cheat+sheets/6958 [4] https://isc.sans.edu/diary/New+Incident+Response+Methodology+Cheat+Sheet/10828 [5] https://isc.sans.edu/diary/OWASP+Session+Management+%22Cheat+Sheet%22/11263 [6] https://isc.sans.edu/presentations/ [7] https://www.owasp.org/index.php/Session_Management_Cheat_Sheet [8] https://cert.societegenerale.com/en/publications.html [9] http://packetlife.net/library/cheat-sheets/ [10] https://github.com/detailyang/cheat-sheets [12] https://github.com/Kapeli/cheatsheets [13] https://github.com/Kapeli/cheatset Richard Porter @packetalien, packetalien.com, rporter at isc dot sans dot edu --- ISC Handler on Duty |
Richard 173 Posts ISC Handler Jul 15th 2015 |
Thread locked Subscribe |
Jul 15th 2015 6 years ago |
Personally I find Evernote works well. Premium version with ocr makes a lot of the details searchable and therefore pretty easy to find. Not a plug for Evernote, just sharing what works for me. I have easy access on my various pc's and mobile devices, which makes it handy. As they say your mileage may vary.
|
DMan 1 Posts |
Quote |
Jul 16th 2015 6 years ago |
I have not tired it, but in a search for a "Dash for Linux/Windows", this came up: Zeal (zealdocs[.]org) It says it is open source and was inspired by Dash. It says it supports the same document sets too.
|
Tri0x 17 Posts |
Quote |
Jul 16th 2015 6 years ago |
I find that OneNote works well. Like Evernote it syncs to all devices even Apple phones and pads.
|
PW 69 Posts |
Quote |
Jul 16th 2015 6 years ago |
Sign Up for Free or Log In to start participating in the conversation!