flowchart TD
A[Start Penetration Testing Assessment] --> B{Reconnaissance Type}
B -->|Passive Recon| C[Passive Recon: OSINT, DNS, Social Engineering, etc.]
B -->|Active Recon| D[Active Recon: Network DNS, Service Discovery, Port Enumeration]
C --> E{Vulnerabilities Found?}
D --> E
E -->|Yes| F[Applications Assessment: Attacks, Exploits, SQLi, etc.]
E -->|No| G[Vulnerability Discovery or Scanning]
G --> F
F --> H{Gain Access or Controls?}
H -->|Yes| I[Service/Application Exploitation: Web, FTP, SSH, SMB, RDP, etc.]
H -->|No| J[Actual Exploitation: Use Ghosts or Previous Exploits from Research]
I --> K{Gained HTTP Access/Shell?}
J --> K
K -->|Yes| L[Manual Testing: Fuzzing, Brute Force, Preparation Methodologies]
K -->|No| M[Remote Exploitation: Privilege Escalation, Persistence of Trial Methods]
L --> N{Privilege Escalation Successful?}
M --> N
N -->|Yes| O[Post-Exploitation: Privilege Escalation, Commands, Net Evidence]
N -->|No| P[Research and Document Vulnerabilities: Report on Systems, Evidence Framework]
O --> Q{Access Granted?}
P --> Q
Q -->|Yes| R[Findings Documentation, Privilege Escalation Report, Recommendations]
Q -->|No| S[Re-Assessment: Logging, Pivots, Advanced Cloud Methods]
R --> T{Service Movement Impacted?}
S --> T
T -->|Yes| U[System Lateral Movement: Blockchain, Penetration, Network, etc - Storytelling]
T -->|No| V[Report Document: SOW Findings, Report Delivery, System Documentation]
U --> W{Strategic Escalation Recommended?}
V --> X[End of Test: Recommendations Review]
W -->|Yes| Y[Capture Lateral Movement: Applications Assessment - Detailed Report on Infrastructure]
W -->|No| Z[Strategic Enhancement: Advanced Logging, Pivots, Infrastructure Upgrades]
Y --> X
Z --> X