# Pentesting Process - Non-linear process 1) Pre-engagement - NDA - Goals - Scope - Time estimation - Rules of engagement 2) Information gathering - Passive recon: OSINT - Active recon 3) Vulnerability assessment - Analyze results from info gathering 4) Exploitation - Test attacks against potential attack vectors 5) Post-exploitation - QoL - Pillage system to which we have access - Ferret out credentials - Privilege escalation - Persistence? 6) Lateral movement - Movement within internal network to additional hosts with the same or higher privilege level 7) Proof of concept - Document the steps taken to achieve compromise and prove that these vulnerabilities exist 8) Post-engagement - Deliver formal report to client - Report walk through including potential remediations