The Five Phases of Penetration Testing

According to the EC-Council's Certified Ethical Hacker material, successful black hat operations typically follow five phases: Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering Tracks. In this post, we'll explore a high-level view of each phase.

Reconnaissance is the act of gathering data or information about a target. The data is gathered in order to better plan an attack. Reconnaissance can be performed actively or passively.

Scanning requires the application of technical tools to gather further intelligence on the target, but in this case the intelligence being sought is more commonly about the systems the target has in place.

Gaining access requires taking control of one or more network devices in order to either extract data from the target, or to use that device to then launch attacks on other targets.

Maintaining access requires taking the steps needed to persist within the target environment in order to gather as much data as possible. The attacker must remain stealthy so as not to get caught while using the host environment.

Covering tracks, the final phase, simply means that the attacker must take the steps necessary to remove anything that could lead to detection. Any changes that were made, authorizations that were escalated, etc., must all be returned to a state that the host network's administrators will not recognize.

  • Phase 1: Reconnaissance
  • Phase 2: Scanning
  • Phase 3: Gaining Access
  • Phase 4: Maintaining Access
  • Phase 5: Covering Tracks
