Hacking is broken up into 5 phases: Reconnaissance, Scanning, Gaining Access, Maintaining Access, and finally Clearing tracks. As a penetration tester we must follow two additional steps, obtaining written permission and reporting. Following and understanding these phases are critical to a successful penetration test. Let's dive in a little deeper and see what each phase means to us. Written permission: Before we can start any penetration test we need to obtain written permission from a individual that has the proper authority to authorize our penetration test (CTO, CIO, CEO, etc.). As part of this documentation we must list clearly the scope of the project, expectations, hours of operation, participants, start and end date, who authorized the penetration test. Do not start any penetration test without this! This form is our "Get out of jail free" card should something go wrong or change. This also means that we must be very strict in staying within the writ