Listed clustered prioritised
1-Footprinting - Determining the targets footprint, e.g. DNS records, IP scope, public
information, contact information, etc.
2-Scanning - Determining the targets openings, e.g. service ports, wireless networks, modems
pools, vpn servers, etc.
3-Enumeration - Determining the services behind the openings, e.g. webservers, systems,
routers, firewalls, wifi authentication, etc.
4-Penetration - Selecting appropiate exploits and penetrate the target, e.g. SQL injection,
buffer overflow, password attacks, etc.
5-Escalation - Escalation of the credentials to admin or root, e.g. dll injection, local exploit,
configuration change, sceduled jobs, etc.
6-Getting Interactive - Getting a remote shell or GUI on the target, e.g. RDP, VNC,
7-Expanding Influence - Moving from the initial target as a foothold or beach-head to the rest
of the network taking over the domain.
8-Cleaning Up - Ensuring backdoors and removing evidence, e.g. rootkits, log removal,
log editing, etc.
9-Reporting - Writing and presenting a report on the pen-test to the owners of the network
one had authoritation to test.
14% snelle instappers
34% vroege helft
34% late helft
Het gebruik van het klantportaa