What It Is
A nine-step assessment model that predates and influenced most modern pentest frameworks. Where PTES gives you seven phases, ISSAF breaks the attacker lifecycle into finer detail:
- Information Gathering — Passive and active reconnaissance
- Network Mapping — Topology discovery, service enumeration
- Vulnerability Identification — Scanning, manual analysis
- Penetration — Initial exploitation attempts
- Gaining Access — Successful exploitation, initial foothold
- Escalation — Privilege escalation, lateral movement
- Maintaining Access — Persistence mechanisms, backdoors
- Covering Tracks — Anti-forensics, log manipulation
- Reporting — Documentation of the full lifecycle
Why It Matters
The granularity is the point. PTES combines “gaining access,” “escalation,” and “maintaining access” under exploitation and post-exploitation. ISSAF separates them because they involve fundamentally different techniques and different risk profiles.
The “Covering Tracks” phase is unique. No other major framework explicitly addresses anti-forensics as a formal testing phase. Understanding how attackers clean up after themselves is essential for defenders designing detection that survives evasion.
When to Use It
As a reference for understanding the full attacker lifecycle at maximum resolution. If PTES is your engagement workflow, ISSAF is the detailed map of what happens inside each phase. It’s also historically important — reading ISSAF helps you understand why later frameworks made the design choices they did.
The Offensive Angle
The separation of “gaining access” from “escalation” from “maintaining access” mirrors how advanced persistent threats actually operate. Initial access is one skill set (phishing, exploitation). Privilege escalation is another (kernel exploits, misconfigurations, token abuse). Persistence is yet another (scheduled tasks, registry keys, implant deployment). Different TTPs, different detection opportunities, different risk.
Pairs Well With
- PTES — Higher-level workflow around ISSAF’s granular phases
- OSSTMM — Metrics framework to measure what ISSAF enumerates