Penetration Testing
Core Phases of Penetration Testing
1. Planning
Step 1: In this phase, the client and the penetration tester begin by defining the scope of the security assessment. Many variables go into defining the scope.
What is the scope of devices, infrastructure, applications, or services being tested? These are also known as the components.
What is the criticality of the components being tested?
Will the testing be performed from outside the network, inside the network, or both?
What level of notifications will go out to which employees, staff, and contractors? The basic rule to follow is need-to-know. If anyone does not need to know, then don't tell them.
Step 2: Once the scope has been defined, there is enough information to plan the timing and duration of the engagement. With that information, it is essential to create a clear timeline that defines the testing windows for the various components that were identified in Step 1.
It is important to refine the timeline so that the testing does not drag out, leaving possible vulnerabilities exposed longer than necessary.
2. Pre-Attack
Step 1: Gather all of the information necessary for conducting a successful test. This information lays the groundwork for the approach taken against each component defined in the scope. That includes the tooling, timing, and the personnel involved.
Step 2: Perform public OSINT (open-source intelligence) gathering against the organization to collect the information that a bad actor would be able to find and then use against the organization.
3. Attack
Step 1: Reconnaissance of the environment is necessary to identify the attributes of the components that are in scope and those that are not.
Step 2: Based on the attributes, tests are performed against the targeted components.
4. Post-Attack