Day 1: Reconnaissance and OSINT

Today's Objective

The most powerful phase of a pentest happens before touching the target. Passive OSINT with Maltego, Shodan, and theHarvester — the intelligence picture that guides every attack decision.

PTES and OWASP Testing Standards

The Penetration Testing Execution Standard (PTES) defines seven phases: pre-engagement, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting. OWASP's Testing Guide adds web-specific methodology. Following a standard ensures consistency across engagements and demonstrates professionalism to clients.

Building a Kali Linux Lab

Kali Linux is the industry standard attack distribution — 600+ pre-installed security tools. Set it up in VirtualBox with a host-only adapter for isolation. Create snapshots before each exercise. Complement Kali with a Windows 10 victim VM and Metasploitable 2 for a complete lab. The VulnHub site offers hundreds of downloadable vulnerable VMs.

Scoping and Rules of Engagement

Before any testing, define: in-scope IP ranges and domains, out-of-scope systems, testing window (dates/times), escalation contacts, and what to do if you find critical issues mid-test. The Rules of Engagement (RoE) document is your legal protection. Without it, penetration testing is computer crime.

bash

# Verify Kali tools are current
sudo apt update && sudo apt full-upgrade -y

# Check key tools are available
nmap --version
metasploit-framework --version || msfconsole --version
burpsuite &

# Create a project directory structure
mkdir -p ~/pentest/client-name/{recon,scans,exploits,loot,report}
cd ~/pentest/client-name

# Start logging everything
script -a ~/pentest/client-name/session.log

# Document your lab IP layout
ip addr show eth0
arp -n

💡

Use a dedicated pentest VM that you snapshot before each engagement. This gives you a clean, known-good baseline and lets you roll back if something goes wrong.

📝 Day 1 Exercise

Set Up Your Pentest Lab

Install VirtualBox and download the Kali Linux VM image from kali.org/get-kali
Create a host-only network adapter named 'PentestLab' in VirtualBox settings
Attach Kali and Metasploitable 2 to the same host-only network
Verify connectivity: ping Metasploitable from Kali
Create your project directory structure and start a session log

Day 1 Summary

PTES defines 7 phases from pre-engagement to reporting
Kali Linux is the standard penetration testing distribution
Scoping and RoE documents are legal requirements, not optional bureaucracy
Lab isolation prevents accidental attacks on production systems
VulnHub and HackTheBox provide legal practice targets

Challenge

Write a one-page mock Rules of Engagement document for a fictional client engagement. Include scope, exclusions, testing window, and escalation procedures.

Day 2: Web Application Testing

→

What's Next

The foundations from today carry directly into Day 2. In the next session the focus shifts to Scanning, Enumeration, and Vulnerability Analysis — building directly on everything covered here.

Supporting Videos & Reading

Go deeper with these external references.

YouTube

Reconnaissance and OSINT — Video Walkthroughs Community tutorials and walkthroughs covering the concepts in this lesson.

→

YouTube

Reconnaissance and OSINT Explained Deep-dive explanations and live-coding sessions from top educators.

→

Official Docs

Official Documentation Primary reference documentation for the technologies covered in this lesson.

→

GitHub

Open Source Examples Real-world codebases demonstrating the patterns taught in this lesson.

→

Day 1 Checkpoint

Before moving on, verify you can answer these without looking:

What is the core concept introduced in this lesson, and why does it matter?
What are the two or three most common mistakes practitioners make with this topic?
Can you explain the key code pattern from this lesson to a colleague in plain language?
What would break first if you skipped the safeguards or best practices described here?
How does today's topic connect to what comes in Day 2?

Live Bootcamp

Learn this in person — 2 days, 5 cities

Thu–Fri sessions in Denver, Los Angeles, New York, Chicago, and Dallas. $1,490 per seat. June–October 2026.

Reserve Your Seat →

Continue To Day 2

Day 2: Web Application Testing

→