
General Pentesting Methodology

What is a Penetration Test?

A Penetration Test (Pentest) is a method of security examination in which testers identify and target individual components of a system, application, or business structure with the aim of gaining access or control that should not otherwise be allowed, and of revealing business-critical weak points wherever possible. Depending on the environment, testers may follow specific industry-standard methodologies to ensure quality and to meet the requirements of security certifications. In any case, the goal of a penetration test is to assess the security of an environment as a whole by placing each part of it under intense scrutiny from the perspective of a malicious actor.

Phases of a Penetration Test

1 | Planning and Reconnaissance

The most important part of any test, this phase includes defining a strict and specific scope that dictates which components of the system or business in question can be targeted and which cannot, together with the constraints under which testing may happen (testing windows, excluded hosts, and who to contact if something breaks). This phase also defines the goals of the test and the reason for having it done, which lets the pentest team build a methodology to accomplish those goals effectively. The pentest cannot proceed without a scope. In addition to scoping, this phase includes the gathering of OSINT (Open Source Intelligence): information that is publicly available without touching the target, such as search engine results, DNS and certificate records, public code repositories, and job postings that reveal the technology in use. This information combines with the scope to form the starting line of the penetration test.

2 | Scanning and Discovery

In the scanning and discovery phase, the team uses various tools to examine the system in a minimally invasive fashion and identify as many potential entry points as possible. This could include network scanning tools to identify open ports, vulnerability scanning tools to identify known vulnerabilities such as Common Vulnerabilities and Exposures (CVEs), or other methods that identify the technology stack of a system or environment. During this phase, the team gathers specific information about as many of the in-scope assets as possible to identify potentially vulnerable areas; every probe is checked against the scope first, since an out-of-scope host that answers a scan is still out of scope. In the case of physical engagements, this could include visiting sites to observe from afar, using reconnaissance tools, or contacting employees anonymously to uncover potential entry vectors. This phase often takes some time and sets the stage for the actual exploitation and access stage.
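The two phases above fit together in practice as "scope first, then probe". The following is an added example written for this page, not Red Sentry's own tooling: it parses a small scope file (in-scope networks, with excluded hosts marked by a leading "!"), refuses to probe anything outside it, and fingerprints the service behind each open port from the banner it volunteers. The scope file, target addresses and banners are constructed for the example; the `tcp_banner` probe does real TCP connects, while `fake_probe` replays the constructed banners so the code runs offline.

```python
"""Scope enforcement plus minimally invasive service discovery (added example)."""
import ipaddress
import socket
from dataclasses import dataclass, field


@dataclass
class Scope:
    """In-scope networks and explicit exclusions agreed in the planning phase."""
    allowed: list
    excluded: list = field(default_factory=list)

    @classmethod
    def from_lines(cls, lines):
        """Parse lines like '10.0.0.0/24  # comment' and '!10.0.0.1/32' (excluded)."""
        allowed, excluded = [], []
        for raw in lines:
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            if line.startswith("!"):
                excluded.append(ipaddress.ip_network(line[1:].strip(), strict=False))
            else:
                allowed.append(ipaddress.ip_network(line, strict=False))
        return cls(allowed, excluded)

    def contains(self, target):
        """Exclusions win over allow-list entries, so a carved-out host stays out."""
        ip = ipaddress.ip_address(target)
        if any(ip in net for net in self.excluded):
            return False
        return any(ip in net for net in self.allowed)


def fingerprint(banner):
    """Map a raw banner to (service, product) using a few well-known greetings."""
    b = banner.strip()
    if b.startswith("SSH-"):
        # "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1" -> software token after the protocol version
        parts = b.split("-", 2)
        return "ssh", (parts[2].split()[0] if len(parts) == 3 else "unknown")
    if b.startswith("HTTP/"):
        for line in b.splitlines():
            if line.lower().startswith("server:"):
                return "http", line.split(":", 1)[1].strip()
        return "http", "unknown"
    if b.startswith("220"):
        words = b.split()
        proto = "smtp" if ("ESMTP" in words or "SMTP" in words) else "ftp"
        return proto, " ".join(words[1:])
    return "unknown", b[:40]


def tcp_banner(host, port, timeout=2.0):
    """Real probe: one TCP connect, read whatever the service says first."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        if port in (80, 8080):  # HTTP servers only talk after a request
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        try:
            return s.recv(1024).decode("latin-1")
        except socket.timeout:
            return ""


def discover(scope, targets, ports, probe=tcp_banner):
    """Probe in-scope targets only; report refused targets rather than skipping them silently."""
    results, refused = [], []
    for host in targets:
        if not scope.contains(host):
            refused.append(host)
            continue
        for port in ports:
            try:
                banner = probe(host, port)
            except OSError:  # refused, filtered, or timed out: nothing listening for us
                continue
            service, product = fingerprint(banner)
            results.append((host, port, service, product))
    return results, refused


# Constructed sample data so the example runs offline.
SCOPE_FILE = """
10.0.5.0/24      # internal web and mail segment (in scope)
!10.0.5.1/32     # core router, explicitly excluded by the client
"""
SAMPLE_BANNERS = {
    ("10.0.5.10", 22): "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\r\n",
    ("10.0.5.10", 80): "HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n\r\n",
    ("10.0.5.20", 25): "220 mail.example.test ESMTP Postfix\r\n",
}


def fake_probe(host, port):
    """Replays the constructed banners; anything else behaves like a closed port."""
    if (host, port) not in SAMPLE_BANNERS:
        raise ConnectionRefusedError(port)
    return SAMPLE_BANNERS[(host, port)]


def demo():
    scope = Scope.from_lines(SCOPE_FILE.splitlines())
    targets = ["10.0.5.10", "10.0.5.20", "10.0.5.1", "192.168.1.5"]
    return discover(scope, targets, [22, 25, 80], probe=fake_probe)


if __name__ == "__main__":
    found, refused = demo()
    for host, port, service, product in found:
        print(f"{host}:{port}\t{service}\t{product}")
    print("refused (out of scope):", refused)
```

Swap `fake_probe` for the default `tcp_banner` to run it against a real in-scope network; the scope check happens before any packet is sent, which is the property you want when a client hands you a list with carve-outs.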

3 | Gaining Access and Exploitation

By the time they reach this phase, the testers have a grasp of the business logic and flow of the environment they intend to test, and have identified their primary and secondary targets for gaining access or exploitation. This stage consists of a series of attempts to perform exploitation. The attempts are carefully sequenced because, in some cases, the failure of one attempt can invalidate another: a detected phishing email alerts the staff a later pretext depended on, and a crashed service or a tripped alarm closes an avenue that cannot be reopened. This is especially true of social engineering, hardware, and physical engagements.

4 | Maintaining Access and Privilege Escalation

This phase may be repeated each time the tester or team successfully performs an exploit or gains unauthorized access. In it, the tester examines the area, asset, or control they have gained access to, collects evidence of that access (recorded at the time, so the report can show exactly what was reached and when), and considers how the business impact of this access might be multiplied. They will attempt to establish persistence and to escalate to higher levels of access, impact, or control by enumerating new avenues of attack and carrying them out.
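Because this phase is revisited several times and its output feeds the report directly, evidence needs to be recorded as it is captured, not reconstructed afterwards. The following is an added example, not Red Sentry's tooling: a small manifest that records each artifact with its SHA-256 digest, a UTC timestamp, the asset and phase it belongs to, and later verifies that nothing was modified or lost before the report is written. The engagement name, asset address and artifact contents are constructed for the example.

```python
"""Evidence manifest for the access and escalation phase (added example)."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path):
    """Stream the file so large captures (pcaps, screenshots) do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class EvidenceManifest:
    """Append-only record of artifacts captured during testing."""

    def __init__(self, engagement):
        self.engagement = engagement
        self.entries = []

    def record(self, path, asset, phase, note):
        entry = {
            "path": os.path.abspath(path),
            "sha256": sha256_file(path),
            "captured_utc": datetime.now(timezone.utc).isoformat(),
            "asset": asset,
            "phase": phase,
            "note": note,
        }
        self.entries.append(entry)
        return entry

    def verify(self):
        """Re-hash every artifact; status is 'ok', 'modified' or 'missing'."""
        report = []
        for e in self.entries:
            if not os.path.exists(e["path"]):
                status = "missing"
            elif sha256_file(e["path"]) != e["sha256"]:
                status = "modified"
            else:
                status = "ok"
            report.append({"path": e["path"], "status": status})
        return report

    def to_json(self):
        return json.dumps({"engagement": self.engagement, "entries": self.entries}, indent=2)


def demo():
    """Record a constructed artifact, then alter it and show that verification notices."""
    with tempfile.TemporaryDirectory() as d:
        artifact = os.path.join(d, "web01-whoami.txt")
        with open(artifact, "w") as f:
            f.write("www-data\n")  # constructed output of a low-privilege shell
        manifest = EvidenceManifest("EXAMPLE-ENGAGEMENT")
        manifest.record(artifact, asset="10.0.5.10", phase="4", note="initial shell, unprivileged")
        before = manifest.verify()
        with open(artifact, "a") as f:
            f.write("root\n")  # simulate an edit after capture
        after = manifest.verify()
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before[0]["status"], "after:", after[0]["status"])
```

Keep the manifest itself in the engagement's evidence store alongside the artifacts; the digests are what let a reviewer confirm that the screenshot in the report is the one taken during testing.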

5 | Reporting and Debrief

In this phase, the pentesting team gathers the evidence and notes collected from all other phases of testing. They craft a report using the Red Sentry methodology that provides an executive summary and an overall grade, explains the tests performed during the engagement in detail, outlines the steps taken to find and perform every identified exploit or vulnerability (accompanied by screenshots or pictures), describes the business impact of each, and provides remediation advice and relevant resources for each. The team is also available to review the report with clients or, in some cases, to provide a debrief session that explains the findings and their ramifications.

This methodology ensures an in-depth examination at any or all levels of the tech stack in an environment. It identifies technical, logical, and human vulnerabilities and weak practices before malicious actors have a chance to take advantage of them, and it provides guidance and resources for efficient remediation.