BSides Sofia 2023 - Commit to memory making the best of your notes

BSides Sofia · 2023 · 24:27 · 126 views · Published 2023-03
Category: Career
Difficulty: Intro
Style: Talk
About this talk
Plamen Kalchev examines how technical professionals can organize and retrieve notes effectively across projects and tools. Drawing on historical systems like the Zettelkasten and Memex, he advocates for atomic, non-linear note structures with bidirectional links rather than rigid category hierarchies. The talk demonstrates practical note-taking workflows using Obsidian for storing security research, code snippets, and vulnerability assessments.
Original YouTube description: Plamen Kalchev

Transcript [en]

Plamen will make you think about how you study. Yes, hello. My lecture won't be very technical. It's connected to my daily work as a technical person, but I won't show any complex banners and stories. I promise you that I won't talk about regulations, business and politics. My name is Plamen Kalchev. This is the worst quote from my job description. I really like to show it to people. I am a pen tester. I have been doing this for three years. I used to be a system administrator. And right from the beginning, when I started my technical path and my studies, I encountered a problem that I had to write down the things I was studying and I had to sort them out in some way. But over time it got harder.

At first there were some text files in directories, in some Linux distribution. At some point I stopped recording all the problems, because then the system administration, super new clients, some problems with the cPanel, there were problems for 5-10 minutes. There were some super troubles, which you say to yourself, if I do this, I won't forget it, tomorrow I can do it again. But after a few months this thing disappears. Chaos itself is not a problem, it is the environment we work in. We can't solve the chaos, but we can divide the problems into separate categories to look at and work on.

First, there are the tools we use. I am personally guilty of the fact that I often jumped from one tool to another, whatever you remember - Evernote, Obsidian, Notion, as I said, text files, CherryTree. I changed a lot of products, but I didn't change the way I use them. And you can tell there's no difference. Something that actually made me look into this topic and why I'm dealing with these problems were the categories. Every time I tried a new instrument, now I will arrange it perfectly, I will arrange some categories, everything will have a place, there will be subcategories, sub-sub-subcategories and every note will be in the exact place from the beginning. But it doesn't happen like that. The more information you collect, the more complicated it becomes. This information you have to organize it and deliver it quite easily, because you use it every day.

However, a lot of information does not fall into one category. We have, for example, the Windows category, the Active Directory category, we have the category for PowerShell scripts, for antivirus evasion, for reconnaissance enumeration. We have set up a lab, which we have written in another category and there we have made some kind of obfuscation of PowerView script. Now, in which category do we put it? In Active Directory? In PowerShell script? In AV? And here it is already quite difficult, because it doesn't matter only the context in which we write this information, but afterwards how it will be used. Because I have now this information with this PowerShell script that I have worked on, I have met this in a specific ProApp on Hack the Box. I have written it there, I have done everything, I have tested it, but it is written in a specific note for a specific machine that I have found and which network. After that, when I work with a client project, I don't work in this directory anymore, this category is quite different and I'm looking for it in third place. I can start copying these notes in different categories, to duplicate them, but what happens when I have to renew them? Because they are not something permanent, we constantly learn, constantly develop our knowledge and of course I'm not the only one who has such a problem. People have been looking at different systems for this for a long time.

And the more I started reading, the more I came across the word "Zettelkasten", which comes from a German sociologist, I'm a little bit more familiar with him. And the other one that came up in my reading of the topic was about Memex. These are two very close as an idea, but very different things. Memex is a theoretical device. An American researcher in 1945 wrote a paper describing a theoretical machine, an instrument that helps us in our daily work. I'm talking about 1945, when there were no computers, no Internet, no such things. And he looks at the technologies he has at the moment, how they will develop in the near future and how it will help him to make the theoretical machine in question. The machine, as he described, is a bureau that has storage, which has some mechanisms to manage this information. It has three displays to project the information and a keyboard with which we can control the storage. Yes, the storage is not from hard disks, it is from microfilm, which he then thought would be used today, but it is described in a very precise way, the technology we use today.

For Zettelkasten, there is another very interesting figure, Niklas Luhmann, he is a German sociologist. He does well in later works by Vannevar Bush, but he is known for being extremely productive. Throughout his life he has written something like over 70 books, some of which, and this is a dozen, were published after his death, only on his notes. People joke that they would have given enough to be as productive as he was after his death. He wrote, as they say, more than ten books, a lot more scientific articles, and he wrote them using a drawer. This is the picture you see. He collected all his notes, made them into small boxes, and he decided that each note would be a separate unit from his food for knowledge. He reads the book, assimilates the idea inside, tells it with his own words and records it. From there he puts it in the closest, in the sense, note that he already has, physically behind it. If there are other similar notes, he indexes them along the edge of the note and connects them in this way. With his lifetime, he does something that accumulates a kind of over 90,000 notes, handwritten, connected and helping him to work and think every day and create an incredible amount of content.

We are in a different era, we don't need to write this thing by hand, we don't need to cut them. If you want, you can, but I don't think it's the best option. We can use digital products and, as I said, they are very similar to what these people described decades ago. But actually, every day we work with them, with wikis, hyperlinks, the internet. It's something standard. But when we look at it from the point of note taking, for me at least, it didn't seem like a logical way of organizing. I was used to doing the categories from top to bottom and everything was half-created. But it's not necessary. We can use a non-linear, widespread model, which is based on the atomicity of note-taking, which is for every note to be a basic structural unit, to connect the links in question with others that are similar, or with some indexes that play the role of a map of content.

The tool I've been using every day is Obsidian. I don't have any affiliation, I don't pay them anything, I use it for free. It's just an extremely simple and powerful tool. I have used many others, but the way I use and organize my knowledge, for the moment, it is the only thing that works for me. I mean, it is a very small trick. And again, I mean, we look at the same ideas that these people have described. Each note should be as small as possible, short, described best with our words, whether it's a code snippet, a vulnerability description, or a separate script. The idea is to be able to use this note multiple times in different contexts and to connect where we think we will get to in the daily work.

Another alternative idea is to build it from the bottom up, and not the other way around. We don't have categories. That's why it's super easy to start. Some time ago I was watching some videos from YouTube, where people were explaining how to make their organization system. There were some colorful tags, some endless directories. It looked great, it looked very well organized, but you had to divide it into a week or two, for example, just to make the basic structure. This is not easy for me and I wouldn't use it because I'm lazy. When we start from a separate note, it's very easy. You read something, use something, write it down and connect it with the ideas you think are closest to it. You don't need to build the categories beforehand because they themselves float on the surface and from the number of nodes we have connected with specific ideas, we get such small clusters or map of contents that help us to orient ourselves in this thing. And the more we connect them and find some logical paths, the easier it becomes to manage them. And in the end, it remains to review them, to update them, to work with them every day. It is never necessary to be perfect from the first time. It is better to have it saved, not to be completely unread and then to edit it while working with it.

I will hide a few examples from behind to show you on my laptop. First, we will step on the idea of templates. Obsidian, as I said, I stopped using it, I don't use it, uses Markdown, which is very convenient because it doesn't include any vendor formats, any databases. We have plain text files that we control and they are part of our system. We can synchronize them in some way, Dropbox. You can use the paid service for synchronization, as it does. You don't need to give the data to a cloud provider, which is great for customer information. You can make the templates in question. I use some notes. Here I have a note for a machine from Hack the Box, which I described the main category, which I know will be inside the creation itself - Hack the Box, and writeups. It doesn't look very good, but writeups is a bit more pale in color, because there is no such node created. In this case, it is there as a link, and if I click on it, it will already create itself as a file. This idea that it is not necessary to make the categories we want to use, can be created while we are working. And these templates, we create them and when we create a new node, we create them in some way and in case I made a hotkey to get the menu for templates, I can include the template I created. And it follows my name, categories, adds different things that I think are useful to me as an organization and in this way this is something we need to start writing. We don't need a new directory, we just create a new file and start writing in it. We can add some tags if we want.

The links are the most powerful part of Obsidian. There are links in other software, in Notion, in Evernote, I'm not sure about other more famous tools like Joplin and so on, but here they work a little differently and are more convenient to use. From the point of view that you don't need to make them two-way. When you create a link from a note to a category or another note, it is automatically two-way. You don't need to change and add a link in both places, which makes things much easier. When we connect our tags this way, they become very easy to search, because there is a little summary below, which shows us what the tags are for in case the category "hack the box" goes. And we can see below that two tags are pointing to it. And this tag "hack the box" is a blank file that has some metadata to it and it automatically starts working as an index for us. We can search in this index, because we can have 100 tags or something of the type that are inside. This is not very easy for us. We can sort it, arrange it according to different criteria. But yes, this is the main building block of Obsidian and what distinguishes it from the others for me.

Tags are quite standard, like any other app. You can add some labels, which you can use in specific situations. For example, you can use it for internal engagement, external engagement and this is part of your daily methodology. You can sort by tags to get a summary of the things you use in case you forget a step. Another interesting thing I support is special links. They allow us to embed parts or entire notes in the current. As I said, with PowerView script, we don't need to copy the whole script inside, we don't need to put it only as a link to open the other tag. We can embed it directly, or we can do it with different tags. Here I made a shortcut for a standard markdown, which embeds a page. And in case we want a whole Nmap, since I have created a previous node, I can do it like this. But if I want only TCP, I can use the headers and insert the whole explanation for TCP scan plus the code. I can copy the tag, I can copy the code block, which is very convenient for me personally. I can open the tag and see in what bigger context this block is. The good thing here is that when we update the original note, everywhere where we have linked or embedded this thing, we see the current information without having to change other places.

We don't need to copy notes. We have the other standard embed again, only we can insert whole blocks, more specifically, specific blocks, not whole blocks, where we don't want to insert headers, we don't want anything, we just want a code snippet, which we can use for the rest. And the last, so, it's a relatively new introduction to Obsidian, are so-called canvas, and these are pretty standard mind maps. It is very similar to the Memex of Vannevar Bush, which creates an associative path from different ideas, notes, resources and helps us somehow to organize our way of thinking.

For example, here I have made a template, I have prepared a canvas embed, which is just a blank field, where we can start doing some things. We can write standard maps that live on this canvas, we can put our titles and we can, as a standard to connect them with some things, but here we can add the information from our previously created map. First we can add the whole sign for a map and again we can open, scan, copy any information. We can add pictures. First we measure, we collect and we imagine that we have already taken the equipment in some way. We found some, or actually we didn't find an exploit, we found vulnerability first and then this vulnerability leads us to some exploit. And in this way we can organize quite complex mental lists that help us to explain the way we think, to see if there is a right way to where we started. For me personally, this helped me a lot when I was studying for the OSW exam, because I could map the different functionalities of the application I was looking at and often I saw some connections between different functions and I could better imagine where and where it goes, what arguments are passed on to different parts of the application. It can be used as a base for a presentation. The result looks like this. This is a graphic representation of Obsidian.

It is a bit like eye candy, incredibly useful, but you can also see some anomalies in the notes, where for example, a note is distant, not connected to anything, and this means that it is either not completed or we have forgotten it and we can connect it with a more suitable category, which in time will be useful.

The information, mainly what I found interesting, was from two books. Both books were a little different from what I was looking for. One was from a more academic point of view, for people who write articles, write books, scientific works. At least for now I don't have such ambitions. The second one was something that I had to include in my life. I also don't want to get into the energy and so on. I want this to be completely isolated only for the technical information that I use every day. If anyone is interested, they can read the topic. I left links for the article in question from 1945, which the management is obliged to read. I hope it was useful to you. If you have any questions,