Attack Strategy
Think of external pentests like home security. The outside of the house is hardened with security, but once you get in, there are no longer locks on all of the doors.
There's a low chance of finding an RCE vulnerability on a website but a high chance of reused or weak passwords and a lack of MFA. OSINT and logical guessing are the best way to tackle this.
When you find a login portal, don't focus on web application vulnerabilities; focus on breached credentials and getting in that way instead. If there is a vulnerability in the web app, chances are someone else on the internet already broke into it.
Remember that this is an external pentest and not a web application one. Testing for simple SQL injection is okay, but spend most of your time doing OSINT to gather information for potential weak or reused passwords.
Just like how getting into the internal network is really bad, being able to sign into an email and view private information is really bad as well.
Focus on the basics and think simple. Penetration tests are NOT Capture the Flags, so have a real-world mindset.