Kali Linux Penetration Testing Cycle

Course: Ethical Hacking

There are 10 steps in the Kali Linux testing methodology, as you can see in the picture below.

  • Target scoping: defined as an empirical process for gathering the target's assessment requirements and their parameters in order to generate a test plan, business objectives, and a time schedule. This process plays an important role in defining clear objectives for any kind of security assessment.
  • Information gathering: in this step, the tester tries to collect as much information as possible about the target.
  • Target discovery: this step discovers machines on the target network using various tools available in Kali Linux. It covers the following topics: a description of the target discovery process; the method used to identify target machines using the tools in Kali Linux; and the steps required to find the operating systems of the target machines (operating system fingerprinting).
  • Enumerating target: a process used to find and collect information about ports, operating systems, and services available on the target machines. This process is usually done after discovering that the target machines are available. In penetration testing practice, this task is conducted at the time of the discovery process.
  • Vulnerability Mapping: the process of identifying and analyzing the critical security.
  • Social Engineering: the practice of learning and obtaining valuable information.
  • Target Exploitation: sets a penetration test apart from a vulnerability assessment.
  • Privilege escalation: the process of exploiting a vulnerability to gain elevated access to the system.
  • Maintaining Access: control the target for a specified amount of time.
  • Documentation and Reporting: documenting and reporting the vulnerabilities found.

Reference:

BackTrack 4: Assuring Security by Penetration Testing, by Shakeel Ali and Tedi Heriyanto