- OSINT (if applicable)
- Scan for open ports and research them to further enumerate the services
- Enumerate the services as much as possible and write down anything potentially useful
- Research potential vulnerabilities in the services found
- Exploit the target and establish persistence
- Loot the machine and move throughout the network if within scope
