Bubba AI, Inc. 2261 Market Street, San Francisco, California, 94114 Penetration Testing Process Engagement Preparation – Scope & Planning: We collaborate with stakeholders to define the scope, goals, rules of engagement, and operational requirements. Engagement Launch – Kickoff: Testing activities begin, supported by clear communication channels and coordination of resources. Information Gathering – Reconnaissance: We perform extensive passive and active recon to map the environment and identify initial points of interest. Vulnerability Assessment – Discovery: Automated and manual methods are used to identify weaknesses across all in-scope systems. Exploitation – Attack Simulation: We attempt to exploit identified vulnerabilities to validate their impact and assess the effectiveness of existing defenses. Post- Exploitation – Impact Evaluation (Optional): When required, we analyze the potential depth of compromise, including privilege escalation, lateral movement, and data exposure. Reporting – Findings & Recommendations: We deliver a detailed report with validated findings, impact analysis, and actionable remediation guidance. Retesting – Validation (Optional): After fixes are applied, we perform retesting to confirm that vulnerabilities have been effectively addressed. Engagement Closure – Debrief: We conclude with a formal debrief, presenting results and strategic recommendations to help strengthen long- term security resilience.