Scoping, boundaries, communication procedures, authorizations. Identify the best approach for testing.
Discovery & Identification
Enumeration of assets, ports, and services via vulnerability scanning and manual information gathering.
Analyzing information gathered for all assets and creating an appropriate exploitation plan based on the target network(s).
Utilizing the constructed plan to illustrate the true risk that the identified vulnerabilities present to the customer's network. The exploitation is conducted using both manual attempts and automated tools.
Provide a report containing high-level takeaways, executive summary, and in-depth details of how each phase proceeded. Review meeting held to go over results with the client.