Tweet
When engaging in penetration testing the security team executing the test will do the test affected by experience, tools and processes. No two teams do this in the exact same way. Even so, some general phases apply to most penetration tests.
Pre-Attack Phase
Attack Phase
Post-Attack Phase
The penetration testing phases are also heavily affected by the contract agreed upon by the client. The test will have a scope and some things may not be included in one test and another may not be included in another test.
The steps in an in-depth penetration test should include
Special systems such as SCADA and other less common systems could be part of a test. It is common to make a complete list of assets important to the organization and sort it from most to least important and then start testing the most important systems first. IoT should also be taken into consideration when planning a penetration test.
Let me just hand out a warning. No matter in which phase a penetration test is in you should NEVER leave backdoors in place any longer than needed for the team to prove a successful test. Also be aware if you start a local listener for a backdoor on a public server during a test. The backdoor you implemented may be found and abused by a malicious person. For Internet facing devices, reverse shells are better as they can under normal circumstances not be misused by a third party. And, always validate the tools you use as hacking tools are not guaranteed to be virus free.
Pre-Attack Phase
- Planning and preperation
- Methodology Design
- Network information gathering
Attack Phase
- Penetrating perimeter
- Acquiring target
- Escalating privileges
- Execution, implantation, retraction
Post-Attack Phase
- Reporting
- Clean-up
- Artifact Destruction
The penetration testing phases are also heavily affected by the contract agreed upon by the client. The test will have a scope and some things may not be included in one test and another may not be included in another test.
The steps in an in-depth penetration test should include
- Information gathering
- Vulnerability analysis
- External penetration testing
- Internal network penetration testing
- Firewall penetration testing
- IDS penetration testing
- Password cracking
- Social engineering
- Web application penetration testing
- SQL penetration testing
- Router and switch penetration testing
- Wireless network penetration testing
- Denial-of-Service and stress testing
- Stolen equipment testing
- Source code review
- Physical security testing
- Surveillance camera penetration testing
- Database penetration testing
- VoIP penetration testing
- VPN penetration testing
- Cloud penetration testing
- Virtual machine testing
- War Dialing
- Virus and Trojan detection
- Log management penetration testing
- File integrity checking
- Mobile device penetration testing
- Telecom and broadband penetration testing
- Email security
- Security patching testing
- Data leakage verification
- SAP penetration testing
Special systems such as SCADA and other less common systems could be part of a test. It is common to make a complete list of assets important to the organization and sort it from most to least important and then start testing the most important systems first. IoT should also be taken into consideration when planning a penetration test.
Let me just hand out a warning. No matter in which phase a penetration test is in you should NEVER leave backdoors in place any longer than needed for the team to prove a successful test. Also be aware if you start a local listener for a backdoor on a public server during a test. The backdoor you implemented may be found and abused by a malicious person. For Internet facing devices, reverse shells are better as they can under normal circumstances not be misused by a third party. And, always validate the tools you use as hacking tools are not guaranteed to be virus free.