1. Pre-Engagement Interactions

Goal: Define scope, goals, rules, and communication.

• Scope: IPs, domains, apps, cloud, social engineering allowed?
• Rules of engagement: No-DoS, data exfil limits, working hours.
• Communication: Escalation path, daily/weekly syncs.

📌 Tools: Google Docs / Notion (for scoping), contract templates.

2. Intelligence Gathering

Goal: Map attack surface.

• Passive Recon (no touching target):
  • WHOIS, Shodan, crt.sh (cert transparency), OSINT.
• Active Recon:
  • Nmap scanning, DNS enumeration, banner grabbing.

📌 Tools:

• Passive: Maltego, theHarvester, Shodan, FOCA, Recon-ng.
• Active: Nmap, dnsenum, Amass, WhatWeb.

Example:

nmap -sC -sV -Pn -T4 10.10.10.0/24
amass enum -d target.com

3. Threat Modeling

Goal: Identify relevant threats + prioritize.

• STRIDE: Spoofing, Tampering, Repudiation, Info Disclosure, DoS, PrivEsc.
• MITRE ATT&CK: Map discovered services to known adversary techniques.

📌 Tools: OWASP Threat Dragon, MS Threat Modeling Tool.