Professional Enterprise Penetration Testing

In-person

Recon for massive scopes

Passive recon using modern whois, DNS and ASNs

In-deposable cloud recon

Scouring for credentials, secrets and keys

Username enumeration

Service enumeration

AiTM and device code phishing

Attacking common services

Scanning vs. Mass scanning

Strategies for scanning large networks

Service enumeration

Vulnerability scanning

Exploit selection for initial access

Info gathering for initial access (users, emails, tech in use, etc.)

Email based social engineering

Phishing and payload delivery

Payloads and stages

Different types of payloads

Commonly used payloads

Choosing a C2

C2 for initial access

C2 for post exploitation

Persistence

Linux privilege escalation

Windows privilege escalation

EDR evasion

Lateral movement

Exfiltration

Clear text passwords

Online password attacks

Dumping hashes

Capturing hashes

Extracting hashes

Using uncracked hashes

Cracking hashes

Enumerating AD

Escalating privileges in AD

Kerberos attacks

AD persistence

Types of reporting

Reporting best practices

Reporting pitfalls