Gaining access

It is in this phase that pen testers try to get a foothold into the company's internal network. Nowadays, spear-phishing seems to a very common and effective way of accomplishing this. A well-crafted spear-phishing campaign can be launched against the company and create a convincing scenario based on the information gathered during the reconnaissance phase.

Gaining access can also include using exploits/credentials on a remote service to log into a system and then execute a payload.

Metasploit and PowerShell Empire can aid in this as they both create payloads, also known as stagers. Once the stager is executed on the target, it runs in memory. This style leaves very little forensic evidence behind. The other case is pushing a binary to the remote system and executing the binary via the command line, which can be equally effective. This approach is faster and doesn't rely on an internet download to be successful.