• Cyber security can be a very challenging discipline because it requires the basic knowledge necessary for a typical IT specialist and a much deeper understanding of all areas (networking, Linux and Windows systems administration, scripting, databases, etc.).
• We don't need to be experts in every single area of IT.
• However, the more experience and knowledge we have, the easier our job as an IT security specialist or penetration tester will become.

Pre-Engagement

• Where the main commitments, tasks, scope, limitations, and related agreements are documented in writing.
• During this stage, contractual documents are drawn up, and essential information is exchanged that is relevant for penetration testers and the client, depending on the type of assessment.

Information Gathering

• Because information, the knowledge gained from it, the conclusions we draw, and the steps we take are based on the information available.
• This information must be obtained from somewhere, so it is critical to know how to retrieve it and best leverage it based on our assessment goals

Vulnerability Assessment

• Divided into two Areas
• On the one hand, it is an approach to scan for known vulnerabilities using automated tools.
• On the other hand, it is analyzing for potential vulnerabilities through the information found.