Learn Penetration Testing

Technical report

The technical report will include a lot more details compared to the executive summary. In the technical report, you will define the scope, information, attack methods, and remediation steps in full. In this report, you can use technical terms that are easily understood, such as remote shell, pass-the-hash, and NTLM hashes.

The technical report will include the following sections:

  • Introduction: This part will include topics such as the scope of the penetration test, contacts, systems involved, and approach.
  • Information gathering: Here, you will explain how much information you were able to gather on the targets. In this section, you can dive deeper to highlight what information was obtained by passive intelligence (information publicly available on the internet, DNS records, IP address information, and so on), active intelligence (port scanning, footprinting, and so on), personnel intelligence (what information was obtained from social engineering, phishing, and so on), and so forth.
  • Vulnerability assessment: In this section, you will define what types of vulnerabilities were discovered, how they were discovered, and provide evidence of the vulnerability.
  • Exploitation/vulnerability verification: This section provides the detailed steps on how you acted on the vulnerabilities discovered. Details such as a timeline of the attack, targets, success/fail ratio, and level of access obtained should be included.
  • Post exploitation: Details included here would be activities such as escalation paths, data extraction, information value, how effective the countermeasures were (if any), persistence, and pivot points.
  • Risk/exposure: The results from the preceding sections are combined and tied to a risk and exposure rating. This section would contain information such as estimated loss per incident, the skill required to perform a certain attack, countermeasure strength, and risk ranking (critical, high, medium, low).
  • Conclusion: The conclusion should always end on a positive note. Here, you will highlight any guidance for increasing the business's security posture with a final overview of the penetration test.
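As an added illustration (not code from the book), the following Python helper takes findings recorded in the preceding sections and produces the Risk/exposure section described above, ranking each finding critical/high/medium/low from the factors the chapter names. The rating scales, thresholds and sample findings are assumptions constructed for this example.

```python
from dataclasses import dataclass

# Scales and thresholds below are assumptions made for this example; the chapter
# names the factors but does not prescribe how they are combined.
SKILL = {"low": 3, "medium": 2, "high": 1}            # less skill needed -> more likely
COUNTERMEASURE = {"none": 3, "weak": 2, "strong": 1}   # weaker defences -> more likely

@dataclass
class Finding:
    title: str
    target: str
    estimated_loss: int      # estimated loss per incident (currency units)
    skill_required: str      # low / medium / high
    countermeasure: str      # none / weak / strong
    access_obtained: str     # level of access reached during exploitation

def likelihood(f: Finding) -> int:
    """1..9: how easily the attack is repeated against current defences."""
    return SKILL[f.skill_required] * COUNTERMEASURE[f.countermeasure]

def impact(f: Finding) -> int:
    """1..3 band derived from the estimated loss per incident."""
    if f.estimated_loss >= 1_000_000:
        return 3
    return 2 if f.estimated_loss >= 100_000 else 1

def risk_score(f: Finding) -> int:
    return likelihood(f) * impact(f)   # 1..27

def risk_rank(f: Finding) -> str:
    s = risk_score(f)
    return "critical" if s >= 18 else "high" if s >= 9 else "medium" if s >= 4 else "low"

def render_risk_section(findings: list) -> str:
    """Emit the Risk/exposure section, highest-ranked finding first."""
    lines = ["Risk/exposure", ""]
    for f in sorted(findings, key=risk_score, reverse=True):
        lines.append(f"- [{risk_rank(f).upper()}] {f.title} ({f.target}): "
                     f"est. loss {f.estimated_loss:,}; skill required {f.skill_required}; "
                     f"countermeasure {f.countermeasure}; access obtained {f.access_obtained}")
    return "\n".join(lines)

# Constructed sample findings (not real engagement data).
SAMPLE_FINDINGS = [
    Finding("Pass-the-hash with cached NTLM hashes", "FILESRV01", 2_000_000, "low", "none", "domain admin"),
    Finding("Phishing yielded workstation credentials", "WS-0042", 200_000, "medium", "weak", "local user"),
    Finding("Legacy TLS 1.0 enabled", "www", 50_000, "high", "strong", "none"),
]
if __name__ == "__main__":
    print(render_risk_section(SAMPLE_FINDINGS))
```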

Now that we have built our foundation on what penetration testing is, its phases, and how it differs from vulnerability assessments and red team assessments, it's time to dive into lab environments.