Defining the intruder model (internal or external, enabled rights and privileges). Defining goals, source data, scope of work and testing targets. Determining the scope of a target environment. Developing the testing methodology. Defining interaction and communication procedures.
Fieldwork, service identification. Custom scanning or intrusion tools are developed if needed. Vulnerabilities detection and scanning, elimination of false positives. Vulnerabilities exploit and gaining an unauthorized access. Utilization of compromised systems as a springboard for further intrusion.
Result analysis and reporting with recommendations for reducing risks. Visual demonstration of the damage that can be inflicted to the system by an intruder.