There are five phases of penetration testing. While others may break these down further, these five phases summarize the process of any penetration test. These phases may be done in any order, but are typically accomplished as outlined here. Ethical tests commonly stop after phase three.

 

Phase 1 – Reconnaissance

Reconnaissance is the act of gathering information on or about your target to better plan out your attack. This information gathering can be done actively, by directly interacting with your target, or it can be done passively through an intermediary. Techniques such as dumpster diving and social engineering are commonly found in the reconnaissance phase.

 

Phase 2 – Scanning

Scanning is a deeper form of information gathering that uses technical tools to find openings in the target and the systems behind it. These openings include internet gateways, listening ports, known vulnerabilities, and reachable systems. Vulnerability scanning is common in this phase.

 

Phase 3 – Exploitation/Gaining Access

Exploitation is the act of using the information gained in phase 1 and phase 2 to take control of or take offline any number of target devices. Taking control of devices in this phase allows data extraction or utilization of the target devices to attack another target device.

 

Phase 4 – Maintaining Access

Maintaining access to a target machine is commonly done by installing backdoors and planting rootkits. This is also known as creating persistence on a target device.

 

Phase 5 – Covering Tracks

Covering tracks is removing all evidence that an attack ever took place. This can involve editing logs, hiding files, and de-escalating or removing any custom privileged accounts that were created.
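Because log editing is the first thing listed under covering tracks, a defender wants a way to tell that a log has been altered rather than trusting its contents. The following is an added example, not part of the original article: a hash chain over a constructed sample auth log, where each digest covers the previous digest and the current line, so deleting or rewriting any entry breaks every digest after it. The log lines and the seed value are constructed for illustration; in practice the recorded chain and seed would be kept off the monitored host.

```python
import hashlib
from typing import List, Optional

# Constructed sample auth log, standing in for a log on a monitored host.
SAMPLE_LOG = [
    "2024-01-01T10:00:01 sshd: Accepted password for alice from 10.0.0.5",
    "2024-01-01T10:02:17 sshd: Failed password for root from 203.0.113.9",
    "2024-01-01T10:02:19 sshd: Failed password for root from 203.0.113.9",
    "2024-01-01T10:05:40 sudo: alice : COMMAND=/usr/bin/apt update",
]

# Assumption: the seed is stored off-host so a local attacker cannot recompute the chain.
SEED = "constructed-seed-kept-off-host"


def chain_hashes(lines: List[str], seed: str = SEED) -> List[str]:
    """Build a hash chain: digest[i] = sha256(digest[i-1] + line[i]).
    Altering or deleting any entry changes every digest from that point on."""
    chain = []
    prev = hashlib.sha256(seed.encode()).hexdigest()
    for line in lines:
        prev = hashlib.sha256(f"{prev}\n{line}".encode()).hexdigest()
        chain.append(prev)
    return chain


def first_tampered_index(lines: List[str], recorded: List[str], seed: str = SEED) -> Optional[int]:
    """Compare the log as found on disk with a chain recorded earlier.
    Returns the index of the first entry that no longer matches, the current
    length if entries were truncated from the end, or None if the recorded
    portion is intact (entries appended after the snapshot are normal growth)."""
    current = chain_hashes(lines, seed)
    for i, (have, want) in enumerate(zip(current, recorded)):
        if have != want:
            return i
    if len(current) < len(recorded):
        return len(current)
    return None


if __name__ == "__main__":
    recorded = chain_hashes(SAMPLE_LOG)
    # Log with the two failed-login lines removed, as an edited log would look.
    edited = [SAMPLE_LOG[0], SAMPLE_LOG[3]]
    print(first_tampered_index(SAMPLE_LOG, recorded))  # None
    print(first_tampered_index(edited, recorded))      # 1
```

Forwarding the chain (or the log itself) to a separate collector as entries are written is what makes this check useful, since a chain kept only on the compromised host can be regenerated along with the edited log.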