OSF Offensive Security Fundamentals Cyber Kill Chain Learning Hub
Stage 02

Initial access marks the transition from external observation to internal presence.

This page explains common entry vectors, the purpose of a foothold, and the defensive controls that reduce the likelihood of compromise.

Featured Module Start at Recon
Overview

How attackers get in

Initial access refers to the moment an attacker successfully enters a system or network environment. It is the bridge between external reconnaissance and internal activity.

  • Exploiting vulnerable web applications
  • Phishing attacks that trick users into revealing credentials
  • Exploiting unpatched software vulnerabilities
  • Misconfigured remote access services
  • Weak or reused passwords
Attacker Goal

Establish a foothold

In professional penetration testing, the purpose of initial access is to demonstrate how an attacker might gain a foothold in the environment. Once access is established, the attacker can begin deeper exploration and identify opportunities to expand control.

Diagram showing common initial access vectors such as phishing, vulnerable web applications, weak passwords, unpatched software, and exposed remote access converging on a compromised system.
Defensive Controls

Reduce the probability of compromise

Defenders focus on patch management, multi-factor authentication, user training, and monitoring suspicious login behavior. These controls help block or expose the most common paths to initial access.

Layered defense diagram showing multi-factor authentication, user awareness, patching, secure remote access, and suspicious login alerting.