- Understand who is going to be reading this and who is the target audience?
- The report needs to clear that a non-technical person would understand
- Report should include the following:
- Executive Summary
- Technical Summary
- Detail Report of findings
- Include references from MITRE ATT&CK (https://attack.mitre.org/)
- Recommendations for remediation (If possible)
Resources:
Public Pentesting Reports: