Phase 1: Pre-Engagement
This phase covers preparing and planning which tools and scripts to use, agreeing on what type of testing will occur (White, Black, or Gray Box), and defining the scope of the engagement. A written contract documents the goal, expectations, and risk of the testing.
Phase 2: Reconnaissance
Recon begins with our OSINT tool set. OSINT tools are continually evolving and include, but are not limited to, WHOIS queries, DNS gathering, social media snooping, port scanning, banner grabbing, and packet sniffing.
Phase 3: Vulnerability Analysis
Useful information captured during the reconnaissance phase is used to carry out a comprehensive vulnerability assessment. Security gaps found are sorted, and the vulnerabilities that have the highest probability of being valid and require the least effort to exploit become the focus of phase 4.
Phase 4: Exploitation
Using the information gathered in phases 1 through 3, tools like Metasploit, Cobalt Strike, sqlmap, and Canvas are used to gain preliminary access to your network.
Phase 5: Post-Exploitation
Once access to your network is achieved, the post-exploitation phase consists of achieving and maintaining lateral movement and elevating privilege to gain a stronger foothold. Credentials, password hashes, personal details, financial data, and source code are captured and stored before backdoors and logs are cleaned up to minimize the possibility of detection.
Phase 6: Reporting
Following phase 5, a clear and concise report of the objectives, scope, methodology, and summary is created and delivered to the client. Reports are comprehensive and tailored for the C-Level as well as the Information Technology or Security team.