Aim to tell a story with your report. Why does it matter that you could perform Kerberoasting and crack a hash? What was the impact of default creds on X application?
Write as you go
Stay organized. Follow chronology
verbosity
clean, visible images with highlights
redact sensitive information
hide crude passwords
grammar
raw command output over images
keep professional usernames
QA report yourself
autosave report
Communication
At the start of every engagement, we should send a start notification email including information such as:
Tester name
Description of the type/scope of the engagement
Source IP address for testing (public IP for an external attack host or the internal IP of our attack host if we are performing an Internal Penetration Test)
Dates anticipated for testing
Primary and secondary contact information (email and phone)
At the end of each day, we should send a stop notification to signal the end of testing. This can be a good time to give a high-level summary of findings.