Gather information about the target without direct interaction (passive) or through direct probing (active). This phase builds the attack surface map that guides all subsequent phases.

Actively probe the target to discover open ports, running services, software versions, and potential vulnerabilities. This transforms reconnaissance data into actionable attack vectors.

Exploit discovered vulnerabilities to gain initial access to target systems. This includes leveraging software flaws, misconfigurations, and social engineering to establish a foothold.

Establish persistence and escalate privileges to maintain long-term access. This simulates how real attackers create backdoors and move laterally through networks.

Understand anti-forensics techniques that attackers use to hide their presence. From a defensive perspective, learn what evidence to look for and how to detect evasion attempts.

Document findings, risk ratings, and remediation recommendations in a professional penetration test report. Clear reporting is what separates a pentest from an attack.