Office of Cybersecurity Penetration Testing Methodology

This document describes the Office of Cybersecurity's penetration testing methodology.

The UW-Madison Office of Cybersecurity used the information security assessment methodology documented in NIST Special Publication 800-11 to establish the penetration testing methodology. Penetration testing can be requested by emailing the Office of Cybersecurity at cybersecurity@cio.wisc.edu. The methodology employed by the Office of Cybersecurity includes the following phases:


Pre-Engagement (Planning)

The planning phase consists of consulting service owners to establish scope, assumptions, resources, timeline and deliverables. The agreed-upon scope and objectives will be detailed in the Rules of Engagement. For assumed-breach scenarios, servers and credentials will be provided to the testers.

Reconnaissance (Discovery)

The reconnaissance phase consists of reviewing past assessments and collecting and reviewing network diagrams provided by service owners. Open source intelligence will be gathered and analyzed from publicly available data sources, such as Shodan and Google search engines.

A mixture of assessment tools for network security, port scanning, and vulnerability scanning will be utilized for automated scans of the IP addresses of in-scope systems. Active devices, device operating systems, open ports and their associated services/applications, and vulnerabilities will be identified and recorded.

Vulnerability Analysis

The vulnerability analysis phase consists of comparing the services, applications, and operating systems of scanned hosts against vulnerability databases (an automatic process for vulnerability scanners) or public databases such as the National Vulnerability Database (NVD). Identified vulnerabilities will be reviewed and analyzed. An attempt to identify false positives will be performed by running a different vulnerability assessment tool to corroborate findings when possible.

Active Directory data and security assessment findings will be reviewed. Attack paths, exploitable relationships and abusable Active Directory permissions will be identified and researched for exploitability.

Vulnerabilities will be assessed in the context of risk, impact, exploitability, and criticality of the asset. Criteria based on the identified vulnerabilities are established to prioritize which assets to target in the exploitation phase.
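The corroboration and prioritization steps of this phase, as an added example that is not part of the Office of Cybersecurity's methodology document or tooling: findings from two different scanners are grouped by host and CVE, a finding reported by only one tool is flagged for manual review as a possible false positive, and the remaining findings are ranked by CVSS score weighted by the asset criticality supplied by the service owner. All hosts, CVE identifiers, scores and criticality values are constructed placeholders.

```python
# Added example: corroborating two scanners' findings and prioritizing targets.
# All hosts, CVE identifiers, scores and criticality values are constructed placeholders.
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    cvss: float
    source: str   # which scanner reported the finding


# Constructed output of two different vulnerability scanners (placeholder CVE ids).
SCANNER_A = [
    Finding("10.0.0.5", "CVE-0000-0001", 9.8, "scanner-a"),
    Finding("10.0.0.5", "CVE-0000-0002", 5.3, "scanner-a"),
    Finding("10.0.0.9", "CVE-0000-0003", 7.5, "scanner-a"),
]
SCANNER_B = [
    Finding("10.0.0.5", "CVE-0000-0001", 9.8, "scanner-b"),
    Finding("10.0.0.9", "CVE-0000-0004", 6.1, "scanner-b"),
]

# Asset criticality as supplied by the service owner (constructed): 1 = low, 3 = high.
ASSET_CRITICALITY = {"10.0.0.5": 3, "10.0.0.9": 1}


def corroborate(*scans):
    """Group findings by (host, cve). A finding reported by more than one tool is
    'corroborated'; one reported by a single tool is marked 'review' so an analyst
    can check it for a false positive before it is used to plan exploitation."""
    sources = {}
    for scan in scans:
        for f in scan:
            sources.setdefault((f.host, f.cve), set()).add(f.source)
    return {key: ("corroborated" if len(s) > 1 else "review") for key, s in sources.items()}


def prioritize(*scans, criticality=ASSET_CRITICALITY):
    """Rank (host, cve) pairs: corroborated findings first, then by
    CVSS score multiplied by the asset's criticality weight.
    Returns a list of (host, cve, status, weighted_score) tuples."""
    status = corroborate(*scans)
    cvss = {}
    for scan in scans:
        for f in scan:
            key = (f.host, f.cve)
            cvss[key] = max(cvss.get(key, 0.0), f.cvss)   # keep the highest reported score

    def weighted(key):
        return cvss[key] * criticality.get(key[0], 1)    # unknown assets default to low

    ranked = sorted(cvss, key=lambda k: (status[k] == "corroborated", weighted(k)), reverse=True)
    return [(h, c, status[(h, c)], round(weighted((h, c)), 1)) for h, c in ranked]


if __name__ == "__main__":
    for host, cve, state, score in prioritize(SCANNER_A, SCANNER_B):
        print(f"{host:10} {cve:15} {state:12} {score}")
```

Corroboration here is by exact (host, CVE) match; in practice scanners also disagree on service versions and plugin naming, so the grouping key would be normalized before comparison.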

Exploitation

The exploitation phase consists of attempting to exploit discovered vulnerabilities. Exploitation includes attempts to gain access to targeted assets. If successful, further attempts will be made to escalate privileges, browse for information on the targeted asset, and establish persistence or lateral movement. Every effort will be made during the exploitation phase to minimize impact to targeted assets and services.

Keywords: cybersecurity pen pentest penetration testing methodology test vulnerability scan assessment
Doc ID: 138405
Owned by: Hui-Chun K. in Cybersecurity Vulnerability Management
Created: 2024-07-15
Updated: 2024-08-19
Sites: Cybersecurity Vulnerability Management