Phase 2 - Enumeration: Finding Attack Vectors
During the enumeration phase, possible entry points into the tested systems are identified. The information collected during the reconnaissance phase is put to use here.
In contrast to the reconnaissance phase, pentesters actively query specific systems during enumeration to gather as much information as possible. In a network test, this can be the obligatory port scan, directly querying individual services, or identifying the individual security weaknesses of the tested systems. Other problems can also be found in a company's physical security concept, for example concerning publicly accessible areas, radio links between buildings or access control systems.
During enumeration, information is systematically collected and individual systems are identified. The pentesters examine the systems in their entirety. This makes it possible to evaluate security weaknesses that do not necessarily stem from a technical problem. Technically secure password protection can, for example, prove to be worthless if attackers are able to see a user's password entry through a window. During enumeration, the pentesters collect information about potential weaknesses, which are then either verified or disproved during the exploitation phase.
RedTeam Pentesting uses a broad variety of software and specialized hardware. On the software side, free and commercial programs as well as programs developed in-house are available. On the hardware side, devices such as keyloggers or special wireless hardware are used. But hardware and software are only a penetration tester's toolbox. A successful penetration test thrives on the pentesters' know-how and creativity. As the enumeration phase often prepares the actual attacks, creativity in finding ways to access the target systems is imperative. RedTeam Pentesting always works in teams to optimally bundle and apply the pentesters' individual creativity. For the customer, this approach pays off in the end.
All potential problems identified in this phase are verified in the next step. During that exploitation phase, real attacks are performed using the knowledge gained from the collected information.