# Attack Strategy
## Overview
Think of external pentests like home security. The outside of the house is hardened with security but once you get in there's no longer locks on all of the doors.
There's a low chance of finding a RCE vulnerability on a website but a high chance of reused or weak passwords and a lack of MFA. OSINT and logical guessing is the best way to tackle this.
When you find a login portal don't focus on web application vulnerabilities and instead focus on breached credentials and getting into it that way instead. If there is a vulnerability in the web app, chances are someone else on the internet already broke into it.
Remeber that this is a external pentest and not a web application one. Testing for simple SQL injection is okay but spending most of your time doing OSINT to gather information for potential weak or reused passwords
Exchange Login Portal
Just like how getting into the internal network is really bad, being able to sign into an email and view private information is really bad as well.
{% hint style="info" %}
Focus on the basics and think simple. Penetration tests are **NOT** Capture the Flags so have a real world mindset
{% endhint %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://pnpt.adot8.com/external-pentest-playbook/methodology/attack-strategy.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.