We introduced Ghostwriter in July 2019 when we felt it was a good v1.0, but active development never slowed. If you missed the release at Black Hat Arsenal 2019, check out Ghostwriter here first:
A lot has changed in the past six months, so let’s dive into some of the most exciting changes for 2020.
Easily the biggest change is the addition of a WYSIWYG editor. Ghostwriter now uses TinyMCE for editing findings and notes. TinyMCE is widely used in products like WordPress and integrates well with Django.
This was a heavy lift that required testing multiple editors and figuring out how to best convert the WYSIWYG HTML to the various reporting formats (e.g., Office XML). Originally, we stated this feature was a low priority; however, it really needed to be in place early to reduce how much work would need to be done by current users to convert findings that used Ghostwriter’s original template keywords to the new WYSIWYG editor. …
It was about a year ago that we had the idea to make special badges for the SpecterOps team at Black Hat 2019. We initially looked at printed circuit boards, the de facto foundation for most Black Hat / DEF CON badges, but abandoned that idea early on in the process. We decided to go with something we could fabricate ourselves. Something different.
I took on the design and creation and fabricated each badge out of urethane resin, specifically Smooth-On’s Crystal Clear 200. …
Part 1 introduced Ghostwriter. This article expands upon the making of Ghostwriter, the technology stack, and the thought process that went into the development. If you have not read Part 1, check out Ghostwriter here:
The application uses a PostgreSQL backend that Django natively supports. However, should users desire to switch to a different type of backend, the Django settings.py can be updated to use SQLite, Oracle, or MySQL without any additional libraries. Django makes it easy to modify the Ghostwriter database models as well. Migrations are usually smooth and trouble-free, especially if you are customizing the models prior to using Ghostwriter in production. …