PenTesting Methodology

PenTesting Methodology

Security Colony - Detail 2019-04-17 22-10-24.png


F3EAD Model

  1. Find: essentially ‘picking up the scent’ of the opponent, with the classic “Who, What, When, Where, Why” questions being used within this phase to identify a candidate target
  2. Fix: verification of the target(s) identified within the previous phase, which typically involves multiple triangulation points. This phase effectively transforms the intelligence gained within the “Find” phase into evidence that can be used as basis for action within the next stage
  3. Finish: based on the evidence generated from the previous two phases the commander of the operation imposed their will on the target
  4. Exploit: deconstruction of the evidence generated from the finish phase
  5. Analyze: fusing the exploited evidence with the wider intelligence picture
  6. Dissemination: finally publishing the results of the research to key stakeholder

Identify Target Environment

  1. Wireless
  2. Web Application
  3. MITRE ATT&C –
  4. External Network Infrastructure
  5. Internal Network Infrastructure
  6. Database Infrastructure
  7. Social Engineering
  8. Physical Security
  9.  SCADA
  10. IoT
  12. 0





Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s