Phases and Scope Summary

Pentesting Phases:

1) Planning: Defining scope, signing agreements and rules of engagement.
2) Reconnaissance: Searching over Internet resources, domain name lookups, even dumpster diving fall under this phase. Social engineering skills are included in here.
3) Scanning: Target selection, scanning open ports and services
4) Exploiting: Exploiting the vulnerabilities discovered in the “scanning phase” and maintaining permanent access.
5) Privilege Escalation: Gaining higher level of privileges after the initial compromise
6) Cleaning-Up: Cleaning up the artifacts of exploits and backdoors in order to keep the systems in their original states
7) Reporting: Writing the report about the findings based on the severities

Some of Pentesting Focus Areas:

– External Network Segment
– Internal Network Segment
– Web Applications and Services
– Wireless networks
– Servers
– Network Devices
– Databases
– Internal Client Applications
– Social Engineering
– DDoS
– Physical Security

Course Discussion

Subscribe To Newsletter

News and campaigns you will enjoy to hear...