In the planning phase, the customer delineates the engagement's scope, specifying the targeted systems, networks, and applications for testing. This collaborative step involves setting clear rules of engagement with the customer to define the testing boundaries and ensure all activities are agreed upon. It also includes identifying any pertinent regulatory requirements that need to be addressed, aligning the testing process with industry standards or data protection laws as necessary. The outcome of this phase is a detailed contract that encapsulates the scope, rules, and regulatory considerations, serving as a guiding document for the entire penetration testing engagement.

The Reconnaissance stage follows planning and involves both active and passive information gathering techniques tailored to the engagement's specific nature and scope. This stage may include scanning public-facing interfaces to identify open ports and services, evaluating DNS entries for information about domain structures and potential vulnerabilities, and checking TLS certificates for validity and configuration issues. Additional methods of data collection can encompass passive techniques such as analyzing publicly available information to identify potential entry points and vulnerabilities without directly interacting with the target system. This comprehensive information gathering phase is critical for mapping out the attack surface and preparing for the subsequent stages of the penetration testing process.

During the testing phase, efforts are concentrated on actively attempting to breach the systems within the agreed-upon boundaries of the contract. This phase involves executing various strategies to subvert security measures, with the primary objectives being data exfiltration and rights escalation. Techniques employed may range from exploiting known vulnerabilities to simulating social engineering attacks, all tailored to identify weaknesses that could be leveraged by malicious actors. This stage is conducted with utmost respect for the limits and conditions established in the planning phase, ensuring that all activities are ethical and within legal boundaries. The aim is to uncover as many vulnerabilities as possible, providing a realistic assessment of the system's security posture.

Auspex Labs delivers a comprehensive report detailing all findings from the penetration testing process, including both vulnerabilities and secure attributes of the systems tested. Tailored to meet the regulatory frameworks specific to our customers, such as NIST SP 800-171, PCI DSS, HIPAA, ISO 27001, and others, the report ensures compliance with industry standards.
It includes detailed reconnaissance data, such as DNS entries, services running, and issues with TLS certificates, alongside narratives of each attack attempt, highlighting exploited vulnerabilities, techniques used, and the rationale for not targeting certain services. Designed to exceed contractual and regulatory requirements, this report provides actionable insights for remediation and enhancing system security.