Information Gathering / Discovery - Specific tools will be used to obtain as much information from the current internal infrastructure.

Service Enumeration - All services discovered on the hosts under test will be itemised. Service enumeration allows specific software types and versions to be retrieved from the network as well as policies, shares, resources and valid user accounts.

Vulnerability Assessment - This phase of testing will attempt to analyse the information retrieved in previous steps in order to determine whether a specific weakness exists or not.

Manual Testing - Once all of the hosts and services have been identified manual testing techniques and follow-up will be used to either extract further sensitive information from the host or (depending on the rules of engagement) exploitation.

Post exploitation - Once a machine in scope has been compromised, pivoting and lateral movement techniques will be exercised. This practice is often employed to fully explore and demonstrate the true risk of a vulnerability by emulating the ‘snowball’ effect of stacked vulnerabilities.

Information Egress - The routes in which data can be extracted from the systems in scope will be examined and used to identify where extra controls could be implemented or security enhanced.

Reporting - A business executive summary, high level descriptions and technical details of each finding, is provided to offer the customer a wealth of information to implement remediation’s to not only fix the current issue, but also the underlying root cause, ensuring issues of the same nature do not re-occur.