Assume Breach Testing

This type of testing is usually scenario-based and aims to answer the more specific question of what an attacker can do once they are inside your environment.

One or multiple flags of high importance to the company define the objectives of the assignment. After choosing the flag(s), a realistic scenario is drafted together with the customer, often involving pre-established access or a simulated first foothold within the environment. Internal reconnaissance and lateral movement are then carried out repeatedly to accumulate higher access levels until the flag(s) are within reach.