Hey chris, just saw your natas challenge! Dude you blew it man, I'm new to cybersec and wanted to learn some ctf like stuff and nobody had some full series of natas except you and john hammon, but that dude, i can't understand most of the stuff he speaks as he is so complex, and your stuff is half at least understandable and to be truthful the content you make are mind blowing man, please do continue
Great content! How about vulnerability scanning results ? They include a CVSS score for each discovered vulnerability. Would it make sense to evaluate and adjust the CVSS score manually as you did here ? Thanks Chris !
if you want to include the vulnerability scan results directly in the report rather than add it as an appendix, then I think you should readjust the CVSS score when applicable as the vulnerability scanner does not always have the context which the pentester does. For example the vulnerability scanner might not know if the vulnerability was identified in a local network or from the Internet. Typically the context comes from the pentester.