Attack Methodology

  1. What ports are open on the system?
  2. What services are running on those open ports?
  3. What version of each service is running?
  4. Are there known vulnerabilities in any of the detected services?
  5. Are there misconfigurations in any of the detected services?

Question Assumptions

  1. Are we assuming all open ports have been discovered?
  2. Are we sure the service detected on an open port is actually the service running there?