Surface Mapping
Define the attack surface before touching anything. Document all exposed services, subdomains, technologies, and entry points. Build a complete picture before forming hypotheses. Unexamined scope is risk.
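The inventory that this phase produces has to come from scan output, not memory. As an added example (not part of the original page), the function below turns nmap's greppable output (`-oG`) into one line per open service so hosts, ports and versions can be tabulated and checked against the agreed scope. The `-oG` field layout (`port/state/proto/owner/service/rpcinfo/version/`) is nmap's; the sample scan in `sample_gnmap` is constructed for the example and is not real scan data.

```shell
#!/bin/sh
# Added example: build the service inventory for the surface map from nmap -oG output.
# Reads a .gnmap file on stdin and prints "host port protocol service version" for open ports.
gnmap_services() {
  awk -F'\t' '
    /^Host:/ && /Ports:/ {
      split($1, h, " "); host = h[2]
      ports = ""
      for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) ports = substr($i, 8)
      n = split(ports, p, ", ")
      for (j = 1; j <= n; j++) {
        # gnmap field layout: port/state/proto/owner/service/rpcinfo/version/
        split(p[j], f, "/")
        if (f[2] == "open") printf "%s %s %s %s %s\n", host, f[1], f[3], f[5], f[7]
      }
    }'
}

# Constructed sample in nmap -oG layout (not real scan output) so the parser runs offline.
# Tabs separate the Host / Ports / Ignored State fields, as in a real .gnmap file.
sample_gnmap() {
  printf '%s\n' '# Nmap 7.94 scan initiated (constructed sample)'
  printf 'Host: 10.0.0.5 (app.example.test)\tStatus: Up\n'
  printf 'Host: 10.0.0.5 (app.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu 3/, 443/open/tcp//ssl|http//nginx 1.18.0/, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (997)\n'
  printf 'Host: 10.0.0.9 ()\tPorts: 3306/open/tcp//mysql//MySQL 8.0.33/\tIgnored State: closed (999)\n'
}

# Usage against a real scan: nmap -sV -p- --open -oG scan.gnmap <targets>; gnmap_services < scan.gnmap
sample_gnmap | gnmap_services
```

Filtered and closed ports are dropped on purpose: the surface map records what is reachable, and the filtered 8080 entry in the sample is kept out of the inventory while still being visible in the raw scan for later review.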
Structured Enumeration
Go deeper on each identified service. Enumerate version data, misconfigurations, and exposed functionality. Directory and parameter fuzzing, API endpoint discovery, authentication mechanism analysis. No guessing — systematic coverage.
Vulnerability Validation
Filter signal from noise. For each candidate vulnerability, confirm exploitability in isolation before building attack chains: reproduce it, capture the evidence, and note the preconditions it depends on. Discard false positives early; a chain built on one wastes time in every later phase.
Exploit Adaptation
Adapt public exploits or develop custom payloads for the specific target environment. Read the exploit and understand what it does at the code level before running it; a public PoC may target a different version, or carry a payload you did not intend to deliver. Modify for the environment — WAF bypass, encoding, timing adjustments, chaining with other findings.
Privilege Escalation Logic
Once initial access is established, enumerate the local environment for escalation paths: SUID binaries, writable cron jobs, sudo misconfigurations, kernel version gaps, credential reuse. Document every candidate path before attempting it, and try the quiet, reversible paths (a writable cron job, a sudo rule) before anything that can crash the host (a kernel exploit).
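The enumeration step above, as an added example that is not part of the original page: read-only checks for each of the listed escalation paths, written so the same functions run against the live host (`/`) or a constructed fixture directory. The directory list, the sudo output format (`sudo -l` prints `NOPASSWD:` on rules that need no password) and the credential regex are assumptions for the example; nothing here attempts an exploit.

```shell
#!/bin/sh
# Added example: local enumeration for Linux privilege escalation paths.
# Every function takes a filesystem root ($1, default /) so it can be pointed at a fixture;
# each prints candidates to review, and none of them changes the target.

# setuid/setgid binaries. The interesting ones are the non-stock entries, so diff the list
# against a clean install of the same distro before chasing anything.
find_setuid() {
  root="${1:-/}"
  find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Cron entries anyone can modify: a world-writable script or crontab that root runs is an
# escalation path with no exploit development needed.
find_writable_cron() {
  root="${1:-/}"
  for d in "$root/etc/crontab" "$root/etc/cron.d" "$root/etc/cron.hourly" \
           "$root/etc/cron.daily" "$root/etc/cron.weekly" "$root/var/spool/cron"; do
    [ -e "$d" ] || continue
    find "$d" -type f -perm -o+w 2>/dev/null
  done | sort
}

# sudo rules that need no password. Feed it `sudo -n -l 2>/dev/null`; each printed rule
# names a binary to check for a shell escape or an arbitrary file write.
nopasswd_rules() {
  grep -E 'NOPASSWD' | sed 's/^[[:space:]]*//'
}

# Kernel version gap: succeeds when the running kernel (or the version passed as $2) is
# older than $1, e.g. the upstream release that fixed a known local bug. Distro kernels
# backport fixes without bumping the version, so a hit is a lead to confirm, not a finding.
kernel_older_than() {
  want="$1"
  have="${2:-$(uname -r | cut -d- -f1)}"
  [ "$have" != "$want" ] &&
    [ "$(printf '%s\n%s\n' "$have" "$want" | sort -V | head -n1)" = "$have" ]
}

# Credential reuse: readable files carrying password-like assignments (first 50 hits).
# Each hit is a candidate to try against other local accounts and reachable services.
find_credentials() {
  root="${1:-/}"
  grep -rIEin '^[[:space:]]*[A-Za-z_.-]*(pass(word|wd)?|secret|token|api_?key)[[:space:]]*[=:]' \
    "$root/etc" "$root/home" "$root/root" "$root/opt" "$root/var/www" 2>/dev/null | head -n 50
}

# One report per host, captured before any path is attempted.
report() {
  root="${1:-/}"
  echo "## setuid/setgid binaries";     find_setuid "$root"
  echo "## world-writable cron entries"; find_writable_cron "$root"
  echo "## kernel";                      uname -r
  echo "## credential-like strings";     find_credentials "$root"
}

# Only touch the live host when asked (sh enum.sh --run), so the functions can also be
# sourced and called one at a time.
if [ "${1:-}" = "--run" ]; then
  report /
  echo "## sudo rules without a password"
  sudo -n -l 2>/dev/null | nopasswd_rules
fi
```

Run it as `sh enum.sh --run > enum-$(hostname).txt` from the foothold and keep the file: it is the record that each path was documented before anything was attempted, and the per-function design lets a single check be re-run against a fixture when a result looks wrong.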
Post Exploitation Analysis
After achieving the objective, document what was possible from the compromised position: lateral movement opportunities, sensitive data accessible, persistence mechanisms available. The writeup starts here — every finding gets root-caused to a specific misconfiguration or gap, and every change made to the target (accounts, files, persistence) is recorded so it can be cleaned up.