Needs analysis
- sizing
- Service
- possible/ meaningful test fields
Kick Off
- conditions
- scoping
- Communication
- Status
- testing times
- scenarios etc.
Execution
- Information Gathering (External/ Internal – Network/ Windows)
- Functionality & basic bypass options of countermeasures (firewalls, load balancers, VLAN/ACLs, NAC)
- Vulnerability Analysis (automated, manual, scripted)
- Exploitation (controlled exploitation of vulnerabilities, fuzzing, MITM, Windows Active Directory)
- Preparation of a social engineering scenario
- Functionality & basic bypass options of countermeasures (IDS, IPS, WAF, EPP/AV)
- Post Exploitation (Privilege Escalation, Pivoting, Lateral Movement, OPSEC Basics, Living off the Land)
Completion
- Documentation
- Presentation for IT & Management
Previous
Next