When describing your evidence, make sure you address both the "what" and the "how". Someone reading your report in six months (yourself included!) should be able to replicate your work.
Bad: "The following shows that by intercepting and modifying the request, the price could be modified."
Good: "After adding an item to the cart, clicking 'Checkout', and entering payment card details, the order was submitted and the request intercepted. The value for 'price' was then modified and the transaction completed using the modified value."
The first tells the reader what was done; the second tells them how it was done. Useful "how" information includes:
- Navigation instructions - Where do they need to go in an application to get where you were? For example "Portal > Team Site > Edit".
- Command-line tool flags - Which options did you use when you ran the command that generated the evidence? Include them in the evidence itself (e.g. the full command line in the screenshot or output) if possible, and in the description if not.
Numbers less than ten are always written as words; larger numbers are always written as digits. The exception is a number with a unit, which is always written as digits.
Examples:
- "We downloaded 5 GB of data from the server"
- "We found three instances of remote code execution"
- "Cracking the password hashes showed that 5,000 users had the password 'Summer2019'"
Courtesy of @gombos