Essential Steps in Network Penetration Testing Methodology

Step #1 - Information Gathering

1. Passive Information

   1. OSINT

2. Active Information Gathering

   1. Network Mapping

   2. Host Discovery

   3. Port Scanning

   4. Service Detection

   5. OS Detection

Step #2 - Enumeration

1. Service Enumeration

2. OS Enumeration

3. User Enumeration

4. Share Enumeration

Step #3 - Exploitation (Initial Access)

1. Vulnerability Discovery

   1. Vulnerability Analysis

   2. Vulnerability Identification

   3. Threat Modelling

2. Exploitation

   1. Developing/ Modifying Exploits

   2. Service Exploits

      
      

Step #4 - Post Exploitation

1. Local enumeration

2. Privilege Escalation

3. Credential Access

4. Defense Evasion

5. Lateral Movement

Step #5 - Reporting

1. Report Writing