When a company hires a white hat hacker to assess the security of a system by finding and exploiting vulnerabilities.
Collecting information about a target without directly accessing the system (social media, news, website, etc).
Collecting information about a target by actively engaging a system and analyzing responses (network and port scans).
When the tester is first able to gain access into the target system.
Using a compromised trusted system to gain access to a target system within the same network.
Using tools to gain higher levels of privilege.
When the tester has no knowledge of the target system (simulates an external attack).
When the tester has intimate knowledge of the target system (simulates an internal attack).
When the tester is limited knowledge of the target system.
