ENGAGEMENT STRUCTURE

Detailed perspective on the target MUST be performed prior to EXPLOITING targets with MSF. This involves enumeration looking and identifying PUBLIC-FACING services (HTTP servers, FTP servers, SQL DB). Identifying the service VERSIONS is the KEY COMPONENT during ENUMERATION that will determine whether the target is vulnerable. Unpatched versions of previously vulnerable services or outdated code in a publicly accessible platform will OFTEN be the ENTRY POINT into the target system.

PROCESS

This division makes it easier to find and select the appropriate MSF features in a more structured way and to work with them accordingly. Each of these categories have different subcategories that are intended for specific purposes. These include, for example, Service Validation and Vulnerability Research.

• Enumeration

• Preparation

• Exploitation

• Privilege Escalation

• Post-Exploitation