1) Planning: Defining scope, signing agreements and rules of engagement.
2) Reconnaissance: Searching over Internet resources, domain name lookups, even dumpster diving fall under this phase. Social engineering skills are included in here.
3) Scanning: Target selection, scanning open ports and services
4) Exploiting: Exploiting the vulnerabilities discovered in the “scanning phase” and maintaining permanent access.
5) Privilege Escalation: Gaining higher level of privileges after the initial compromise
6) Cleaning-Up: Cleaning up the artifacts of exploits and backdoors in order to keep the systems in their original states
7) Reporting: Writing the report about the findings based on the severities
Some of Pentesting Focus Areas:
– External Network Segment
– Internal Network Segment
– Web Applications and Services
– Wireless networks
– Network Devices
– Internal Client Applications
– Social Engineering
– Physical Security