It was on my blog post on HTB CPTS tips where I mentioned for the first time the concept of what I call a field manual.

To put it simply, a field manual is a collection of the notes, techniques, and procedures you acquired during your career as a hacker. It is meant to be referenced during your engagements (i.e., in the field) as a database of practical knowledge and a guide when traversing difficult situations.

Back then, I affirmed that having created such field manual for myself in preparation for my HTB CPTS exam was one of the key factors for my success. Now, I can say that I not only refer to my field manual during my CTF practice but also during my penetration tests as a professional.

Ever since I published that blog post, I’ve had dozens of people reaching out to me to ask questions about my note-taking methodology. So I was very happy when the folks from the Hack Smarter Discord channel reached out to me to do a presentation on this very topic.

Below is a recording of my presentation titled Creating A Field Manual, in which I cover topics such as what field manuals are, what their key characteristics are, and how one would go about creating one:

(Slide deck for the presentation)

I’d like to thank grep_more_coffee, Schlop and the larger Hack Smarter community. It was fun! Be sure to check their community out if you’re serious about improving as a hacker.

Will I release my notes?

This is the number one question I receive from readers. One person per week, at the very least, has contacted me since I released the HTB CPTS tips blog post asking me to share my field manual with them (sometimes even offering to pay!).

Although that flatters me, and I’d love to share it, I can’t for a few reasons:

  • It contains paywalled content copy-pasted from learning platforms such as HTB Academy
  • It may contain information that could be interpreted as exam spoilers
  • It contains personal information such as API tokens

However, I’m pleased to say that I’m rewriting my entire field manual in Obsidian while removing or rewriting the problematic portions. When I’m done, I will release my field manual for free on this very blog.

I don’t have an estimate for when it will be done, but sometime after I’m finished with my OSCP studies. If you’re interested, subscribe to my RSS feed to stay up-to-date.