The Phases of an Attack

The Phases of an Attack

Both malicious attackers and professional penetration testers utilize various stages or phases in their attacks or penetration test.

The Phases of an Attack / Penetration Testing:
Both malicious attackers and penetration testers depend in several phases in their attacks, namely:

While malicious attackers often go further, into phases such as:

  • Preserving and maintaining access with backdoors and rootkits.
  • Covering their tracks wlth concealed channels and log editing.

Note that these phases may not be always followed in order.

  • The best of the attackers usually attack as opportunities present themselves.
  • However, in conducting a professional penetration test, make sure you should not forget to go back or backtrack and do thorough analysis at any previously skipped step.

Penetration attacks are often separated into these phases:


Reconnaissance is the process of investigating, examining and analyzing the target organization in order to gather information about it from publicly available sources, such as domain registration services, websites, and so on. Several people include techniques such as social engineering and dumpster diving in the recon phase or reconnaissance phase.

Scanning is the process of finding openings in the target organization, such as wireless access points, lnternet gateways, available systems, vulnerability lists, and port listening.

Exploitation phase, is the stage where the attackers exploit target systems to compromise them, possibly getting control of the targeted systems or inducing a denial of service attack.

While legitimate tests often include the reconnaisance, scanning, and exploitation phases, malicious attackers often go further than the rules of engagement allowed for a professional penetration test. Most malicious attackers try to maintain access and control of a target machine, it usually involves setting up the compromised machine so the attacker can continue to keep control over the target machine and go back to it when need arises, with techniques such as installing backdoors and planting rootkits. Malicious attackers also often use a final phase, which is Covering the Tracks, where a malicious attacker do log editing, file hiding, and covert channels to conceal and hide their activities on a system or a network.

Please note that the most effective of the attackers are pragmatists. They don’t usually proceed from reconnaissance to scanning to gaining access and so on. Sure, they use these steps, but they are very likely to move around between the stages as events and discoveries bring about. For example, during the recon phase, attackers may discover an exploitable flaw that they will use to gain access directly, temporarily bypassing scanning. Then, once they gain access to one machine, they may go back and start scanning.

Although a penetration tester must be careful when jumping out of order between these steps, making sure that you go back to the earlier phases in order to conduct a extensive test.

Incoming search terms:

  • penetration testing phases
  • phases of penetration testing
  • stages of penetration testing
  • yhsm-inucbr_001