Penetration Testing Process
Fundamentals
Overview
Understanding the phases of penetration testing: Planning, Information Gathering, Vulnerability Assessment, Exploitation, Post-Exploitation, and Reporting.
1
Exercises
2
Flashcards
1
Mind Maps
Cheatsheet
Phases
- Pre-engagement: Scope, RoE, legal
- Recon: Passive & active info gathering
- Enumeration: Services, users, shares
- Exploitation: Initial access
- Post-Exploitation: Privesc, persistence, lateral movement
- Reporting: Document findings
Key Commands
whois domain.com # Query domain registration info dig domain.com ANY # Query all DNS records host -t mx domain.com # Find mail servers
Command Examples
Common Pitfalls
- Skipping enumeration - always enumerate thoroughly
- Not documenting as you go
- Forgetting scope boundaries
Exam Survival Tips
- Screenshot everything important
- Keep detailed notes with timestamps
- Document dead ends too