Actually simulating an attack; often contract with a 3rd party to do it
.
Just looking for holes that can later be exploited
.
Scanning open sources for info on a potential target such as social media site, corporate websites, online forums, dumpster diving, social engineering, etc
.
Actually looking to see what holes exist - really same as vulnerability scanning - such as OS scans, service scans, etc.
.
First attempts at trying all types of attacks to see what works - throwing mud on the wall to what sticks - but be very careful of doing this during production times
.
Repeated attempts, even after vulnerability is patched; attack may even set up user accounts that would allow fake users in
.
Once you get a foothold point in, then from there you can move around within the system
.
Pentester has no idea about the system and is trying everything from scratch - it's a "blind" test
.
Pentester only has a certain amount of information about the system or is only focusing on certain areas
.
Pentester has all of the information about the system upfront
.
|
