1. Footprinting, Scanning and Enumeration, System Hacking, Deploy Payload and Cover Tracks.
2. The first step I would take, from the 5 steps to hacking, would be reconnaissance. I would use passive reconnaissance, as this pertains to information gathering.
3. Google is a major tool in most hackers' initial step. But you can also use Nmap, AMAP, ScanRand and Paratrace.
4. Social engineering is one of the number one ways a network is easily infiltrated. The major forms of this are phishing, baiting and diversion theft.
5. Enumeration is the same as scanning a system for vulnerabilities that can be used to attack the system itself. This is vital to any hacker's objective, since it reveals the information needed to access the target.
6. To avoid detection, a good hacker will always cover their tracks. This is done by purging any information in the system that could even minutely show a trace that someone was there. You must be careful when doing this, because sometimes it's not what's there that gets the hacker busted but what wasn't.
7. Most hackers would leave a backdoor to use to regain access.
8. Stop! Report it!
9. NIST 800-42, Guideline on Network Security Testing.
10. Planning, Discovery, Attack, and Reporting.
11. Conducting an internal penetration test provides information on vulnerabilities that are exposed to an attacker who has already gained access to the network/system.
12. A tester should stay within the parameters that were agreed upon by the company. Any other actions could be deemed illegal and could result in getting charged with a crime by the company.
13. An unplanned penetration test by an outside consulting firm tests the response time to a true attack on the system. The IT department would not have time to prepare for a known attempt to break in.
14. A web application penetration test is only focusing on the application security, not the network security. A network penetration test analyzes both the...