Recon
Understand the target's security posture and network topology.
Passive Reconnaissance
Gather publicly available data:
- IP addresses
- Domain names
- Employee names
- Organizational structure
Use OSINT Fundamentals
Active Reconnaissance
Interact directly with target systems:
- Probe for open ports
Use Nmap, Metasploit, Netcat
Weaponization
Exploit written as a deliverable payload
Delivery
Payload written to a deliverable (executable, USB Flash Drive)
Exploitation
Exploit the vulnerability to get access to the system
Installation
Install Malware
C2
Command and control server communicates with malware
Actions
Run actions through the command and control server