Internal Pentest Phases Diagram
A stage-by-stage overview of the internal pentest lifecycle, from pretext and access to cleanup and reporting.
Attack Lifecycle
7 PHASES
01
📋
Pre-Engagement
- Scoping
- Authorization
- Rules of Engagement
02
🔍
Reconnaissance
- Network Discovery
- AD Enumeration
- Asset Mapping
03
📡
Scanning
- Port Scanning
- Service Detection
- Vulnerability Scan
04
🗂️
Enumeration
- SMB/LDAP
- Kerberos
- Database Enum
05
💥
Exploitation
- Credential Attacks
- Relay/Kerberos
- Initial Access
06
🎯
Post-Exploitation
- Privilege Escalation
- Lateral Movement
- Domain Dominance
07
📊
Reporting
- Evidence Collection
- Executive Summary
- Technical Report
Planning
Discovery
Exploitation
Post-Exploit
Documentation