Penetration Testing (Pentest)
Organized steps:
- Planning and Preparation:
1.2 Information Gathering: Determine test scope, objectives, and limitations. Collect basic information about the system to be tested, such as IP address, domain, and running services.
1.3 Approval and Permission: Ensure all parties involved understand and agree to the scope and methods of testing.
- Reconnaissance:
2.1 Passive: Gather information about targets without interacting directly with the system, such as by using public search tools, whois, DNS lookup, and social media information.
2.2 Active: Interact directly with the target to obtain further information, such as network scanning to find open ports and running services.
- Scanning and Enumeration:
3.1 Vulnerability Scanning: Use automated tools to identify known vulnerabilities on target systems.
3.2 Enumeration: Get more detailed information about the services and users running on the target system, such as a list of user accounts, shares on the network, and service details.
- Exploitation:
4.1 Identifying Vulnerabilities: Use the information obtained to find exploitable vulnerabilities.
4.2 Performing Exploitation: Launch an attack to exploit the vulnerability, such as SQL injection, cross-site scripting (XSS), buffer overflow, etc.
- …
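
As an added example (not part of the original page), the following guard encodes the scope and approval agreed during planning and rejects any target outside it before an active step is run. The `ROE` record, its field names and `check_target` are hypothetical, and every address and name is a reserved documentation value.

```python
import ipaddress
from datetime import datetime

# Constructed rules-of-engagement record; every value is a placeholder.
ROE = {
    "approved_by": ["system owner", "test lead"],
    "window_utc": ("2024-06-01T22:00:00+00:00", "2024-06-02T04:00:00+00:00"),
    "networks": ["192.0.2.0/24", "198.51.100.16/28"],
    "domains": ["example.com"],
    "excluded": ["192.0.2.10", "payments.example.com"],
}

def _under(name, base):
    # True for the entry itself or a real subdomain of it; a bare suffix
    # test would wrongly accept names such as notexample.com.
    return name == base or name.endswith("." + base)

def check_target(target, when, roe=ROE):
    """Return (allowed, reason) for one target at the aware datetime `when`."""
    if not roe["approved_by"]:
        return False, "no recorded approval"
    start, end = (datetime.fromisoformat(t) for t in roe["window_utc"])
    if not start <= when <= end:
        return False, "outside agreed test window"
    name = target.strip().lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(name)
        name = str(addr)  # normalise IP literals before comparing
    except ValueError:
        addr = None
    # Exclusions are checked first so they always override an in-scope range.
    if any(_under(name, e) for e in roe["excluded"]):
        return False, "explicitly excluded"
    if addr is not None:
        if any(addr in ipaddress.ip_network(n) for n in roe["networks"]):
            return True, "address in scope"
        return False, "address not in scope"
    if any(_under(name, d) for d in roe["domains"]):
        # No DNS lookup is done here; resolved addresses need their own check.
        return True, "name in scope (re-check the addresses it resolves to)"
    return False, "name not in scope"
```

Calling `check_target` for every host before reconnaissance or scanning tools are pointed at it keeps testing inside the written agreement and leaves a reason string that can be logged with each decision.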