So far, we have learned about various penetration methodologies and frameworks. By now, you’re probably wondering how to put it all together. One of the first things you learn during a penetration-testing training course is the five phases of hacking. In each phase, there are objectives to complete as a penetration tester/ethical hacker; one phase leads to the next until the final stage is completed:
- Reconnaissance
- Scanning
- Gaining access
- Maintaining access
- Clearing tracks
The Reconnaissance phase is the most important phase of all. This phase is all about information-gathering about the target; the more information a penetration tester has about a target, the easier it is to exploit it. During this phase, the following are usually conducted:
- Usages of search engines such as Yahoo, Bing, and Google
- Searches on social networking websites about the company and employees (past and present)
- Performing Google hacking techniques to gather more precise information...