People new to the area do not realize that testing is not just hacking. There are many other steps involved.
To start with, there is the pre-engagement work. This is really boring, but it is where you determine the scope of the engagement, the testing environment, etc. This is so that when you start the test, you can actually do the test.
Second is the recon phase. This is understanding what you're testing, where the resources live, etc. I would argue that without a proper recon phase, you will not know enough about the service to test it.
The next stage is where the hacking begins. Now that we understand what we are testing, it is time to find the vulnerabilities!
Items 4 and 5 are not included in a lot of engagements but are probably the most fun part! These are exploitation (4) and post-exploitation (5).
In stage 6, we report what we found on the service. Although this can be boring, this is really what the clients pay for! Convey what you found, how you found it, what this actually means for security, and how to fix it.
The last stage is fixing the bugs. Typically, the penetration testers are not intimately involved with this part of the process.