Stage 0: Setup & Mindset (Pre-Attack)
Goal: Prepare environment and introduce hacker thinking.
What You Cover:
- Hacker vs Ethical Hacker
- Laws & Ethics (Computer Misuse Act, CFAA, GDPR basics)
- Setting up a Safe Lab (isolated VMs, no outbound traffic, snapshot use)
- Kali vs Parrot OS
- VPNs and Proxies
- Note-taking tools (CherryTree, Obsidian, Markdown, KeepNote)
- OpSec (No logs, no leaks, burner accounts)
Tools:
- VirtualBox
- VMware
- Kali Linux
- Parrot OS
- TryHackMe
- HackTheBox
- Obsidian
- CherryTree
Stage 1: Target Identification
Goal: Choose and scope a target (with permission)
Skills:
- Understanding Engagement Rules
- Threat Modeling Basics (STRIDE, DREAD)
- Asset Discovery and Scope Limiting
Tools:
- Google
- Whois
- NSLookup
- Hunter.io
- Shodan
- Censys
- ZoomEye
Stage 2: Reconnaissance (Information Gathering)
Goal: Collect data about the target without touching it (passive) or with light probing (active)
Skills:
- OSINT
- Social Engineering awareness
- DNS enumeration
- Whois and metadata analysis
Passive Tools:
- theHarvester
- Google Dorking
- Maltego
- SpiderFoot
Active Tools:
- Nmap
- Amass
- DNSenum
- DNSrecon
Stage 3: Enumeration
Goal: Actively probe the system for deeper info like users, services, shares
Skills:
- Port & Service Enumeration
- Banner Grabbing
- Directory & File Brute-forcing
- SMB & FTP Enumeration
Tools:
- Nmap
- Gobuster
- Dirbuster
- Enum4Linux
- Nikto
- SMBclient
- SNMPwalk
Stage 4: Vulnerability Identification
Goal: Find weaknesses in identified services or web apps
Skills:
- Manual CVE analysis
- Automated vulnerability scanning
- Misconfiguration detection
Tools:
- Nessus
- OpenVAS
- Nmap NSE
- Searchsploit
- Vulners
- CVE databases
Stage 5: Exploitation
Goal: Gain unauthorized access to the system
Skills:
- Payload crafting
- Shell management
- Exploit execution
Tools:
- Metasploit
- Netcat
- Socat
- MSFvenom
- Sqlmap
- Burp Suite
- ExploitDB
Stage 6: Post-Exploitation
Goal: Expand access and assess impact
Skills:
- Privilege Escalation (Kernel, SUID, Weak Services)
- Credential Extraction (SAM, LSASS)
- Lateral Movement (Pass-the-Hash, Remote Admin)
Tools:
- Mimikatz
- WinPEAS
- LinPEAS
- BloodHound
- LaZagne
- SharpHound
Stage 7: Covering Tracks (Optional but Explained)
Goal: Understand how attackers evade detection (for awareness)
Skills:
- Log deletion & obfuscation
- Timestamp alteration
- AV/EDR evasion techniques
Tools:
- Timestomp
- Veil-Evasion
- PowerShell Obfuscation
Stage 8: Reporting & Recommendations
Goal: Translate technical findings into actionable reports
Skills:
- Technical & Executive Summaries
- CVSS Scoring
- Strategic Mitigation Advice
- Proof of Concept Writing
Deliverables:
- Final Penetration Test Report
- Screenshots and Notes
- Remediation Checklist