Obsidian Knowledge Base
Note. This is a work in progress post. I just have to publish it immediately or I'll never write and publish it. 😆
Introduction
Working in IT security means keeping up-to-date all the time and immense amounts of "knowledge" will pile up in your brain. I noticed that my brain capacity was exhausted after about a decade of pentesting. There are so many fields, so many techniques and also problems that you solved after hours of testing and then want to preserve for future use.
The Past
The journey started with Cherrytree, which was great at the time but lacks a lot of important features:
- Proprietary format (no Markdown files for easy use with several different tools)
- It's a hassle to format stuff
- Copying data into and from Cherrytree was a pain
So I searched for an alternative, and since 2018/2019 or so I have been using Typora. There are some very awesome features that helped me at least write down everything I had to know.
- Automatic parsing of HTML to Markdown (e.g. cheatsheets on Github or Blog posts with most modern frameworks easy peasy!)
- The WYSIWYG editor is... I cannot find words. It works so well and has syntax highlighting in code blocks. Hybrid editing has the best of both worlds for me. Good perception (images, syntax highlighting etc.) and "editability" (a very predictable behaviour when writing texts. Well.. anti-Microsoft-Word-behaviour)
- Automatic download and relative linking for images that are embedded in your copied texts from the Internet. This helps preserve all content when the source goes down
I noticed some drawbacks of course.
Knowledge is not meant to be sorted hierarchically. - S.H.
I don't know how often I just didn't know where to put a note because it would fit into several categories. You can see this in the screenshot below. I tried to create a proper hierarchy for topics etc., but more often than not you will not know the perfect place for the piece of knowledge immediately. So I end up with my notes sorted somehow, having a lot of files in the wrong place or in only one of five positions in the context of my PKB (Personal Knowledge Base).
The Proposed Solution
TrustedSec wrote a very fine blog article on how they tackled this problem for a whole team with Obsidian and some plugins for content generation. I highly recommend reading this article as it explains every choice they made in depth.
In fact this blog motivated me to redo my whole knowledge base and rebuild it from ground zero.
This means looking at each note, reformatting it and finding a place for it in the content network, in order to build several "mind" routes to each node if possible.
E.g. Pass-The-Hash and Pass-The-Ticket are highly connected to Mimikatz. They will reside in a category called Lateral Movement, but Mimikatz will be placed in Tooling and/or Cheat Sheets.
In Obsidian it is possible to embed content of other notes. So if I update some command of Mimikatz the references in Pass-The-Ticket will be updated automatically. This is great to reduce future workloads as the tools constantly change (e.g. Powerview just changed their commands in their dev tree). Update once, change everywhere 👍
They also have a graphing feature which allows you to explore all related topics in a new way. I was astonished how well this worked with Bloodhound and think there are many benefits for knowledge bases as well.
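A small check for the migration described above, as an added example that is not part of the original post or of Obsidian: it parses wiki-style links and embeds out of note bodies, lists the notes that still have fewer than two inbound routes, and shows which notes embed a given note. The vault contents and all function names are constructed for illustration.

```python
import re

# Matches [[Note]], [[Note#Heading]], [[Note|alias]] and the embed form ![[Note]].
WIKILINK = re.compile(r"(!?)\[\[([^\]|#]+)(?:#[^\]|]*)?(?:\|[^\]]*)?\]\]")

def parse_links(text):
    """Return (target, is_embed) pairs for every wiki-style link in a note body."""
    return [(m.group(2).strip(), m.group(1) == "!") for m in WIKILINK.finditer(text)]

def inbound_routes(vault):
    """Map each title to the set of other notes that link to or embed it."""
    routes = {title: set() for title in vault}
    for source, body in vault.items():
        for target, _ in parse_links(body):
            if target != source:  # a title that links to itself is not a route
                routes.setdefault(target, set()).add(source)
    return routes

def single_route_notes(vault, minimum=2, ignore=()):
    """Existing notes reachable from fewer than `minimum` other notes."""
    routes = inbound_routes(vault)
    return sorted(t for t in vault
                  if t not in ignore and len(routes[t]) < minimum)

def missing_targets(vault):
    """Link targets for which no note exists yet."""
    return sorted(t for t in inbound_routes(vault) if t not in vault)

def embedders(vault, title):
    """Notes that embed `title`, i.e. whose rendered content changes with it."""
    return sorted(s for s, body in vault.items()
                  if any(t == title and emb for t, emb in parse_links(body)))

# Constructed vault: titles follow the examples in the post, bodies are made up.
VAULT = {
    "0. Global Index": "[[Lateral Movement]] [[Tooling]]",
    "Lateral Movement": "# [[Lateral Movement]]\n- [[Pass-The-Hash]]\n- [[Pass-The-Ticket]]",
    "Tooling": "- [[Mimikatz]]",
    "Mimikatz": "## sekurlsa\nCommands live here once.",
    "Pass-The-Hash": "![[Mimikatz#sekurlsa]]\nSee also [[Pass-The-Ticket|PtT]].",
    "Pass-The-Ticket": "![[Mimikatz#sekurlsa]] and [[Kerberos Basics]]",
}

if __name__ == "__main__":
    print("single route:", single_route_notes(VAULT, ignore={"0. Global Index"}))
    print("missing:", missing_targets(VAULT))
    print("embed Mimikatz:", embedders(VAULT, "Mimikatz"))
```

To run it against a real vault, build the dictionary from the `.md` files (file name without extension as the title, file content as the body).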
Implementation
I think I can take 90% of the TrustedSec™ approach as they already thought it through and collected ideas from the whole team. Some nice features, such as automatically updating all references when you change the file name, are great, as I do this quite frequently when I notice a title is not on point or searchable.
Some implementation change I noticed from the screenshots:
In the first screenshots of their blog post it seems they embedded the creation time and modification time in the metadata, as templating at that time was a one-off on the creation of a note. However, this was fixed in more recent versions of the Templater plugin, as described in their docs. But in order to see the updated modification date, the placeholder has to be in the document itself, and the datetime will be rendered only in the preview. All metadata (at the top) will not be rendered. So that's the reason they changed it to the bottom, as it would not make sense to have this kind of data on top of the title in the rendered document.
Furthermore, their part on "putting it all together" shows backlinks to the primary and secondary categories. I'm not sure if I'll stick to this, as this will result in some issues with your notes. All notes will be connected towards the first category level.
Also the local view does not show that Online Tools is a part of 02. Recon & OSINT. This will result in a loss of information. Coloring your nodes helps a bit.
It becomes better when you disable incoming links:
Obsidian Usability Tweaks
Line Swapping
From VSCode I love the feature to swap lines in order to sort list items or text blocks. This does work in Obsidian as well, but you'll have to bind it in the settings.
Templater
For the beginning I'd advise disabling Trigger Templater on new file creation, as you currently cannot customize it enough to have different templates triggered automatically, and you will define a lot of categories in the beginning which need other templates.
I created templates for the different category levels and use alt+e in order to run a template macro.
The first level category template looks like this:
Go to: [[0. Global Index]]
Tags:
# [[<% tp.file.title %>]]
---
This ensures the title is automatically sourced from my file name.
I first create the wiki-style link to the non-existing category, then ctrl+click the link in order to create the file. This has to be placed in the appropriate folder, but when you use the template, its title will already be filled in correctly. ❤️
Todo
I'm still in the process of migrating and I'm quite sure there will be some things that'll annoy me!
☐ Migrate all Typora notes
☐ Migrate all CherryTree notes (This is a pain. I didn't even move them to Typora yet)
Suggestions for the Obsidian team
☐ Implement a hybrid editor mode (that supports Templater's dynamic templates ;)
☐ Option for hiding certain folder names (e.g. image-assets for embedded pictures) - For now I will have all images in one folder in contrast to Typora where I had all images relatively placed in a .assets folder.
☐ Support hidden folders for images. Currently images will not be pasted when I choose "In subfolder under current folder" and write .assets.
☐ Implement image preview (this works currently with Ozan's Image in Editor Plugin)
☐ I noticed images being shown in the graph as reference. This seems to be a bug with hidden folders, when the file cannot be found.
Suggestions for the Templater dev
☐ Implement differentiated templates for certain named folders. In the current approach with categories and notes it would be helpful to have two templates. Currently I just added another template and have to position and reference the file manually.
PS
If you read this far, feel free to message me on Twitter or LinkedIn! :)