Skip to content
ECQ Logo

Scenario-based Penetration Test

Scenario-based Penetration TestAdversary Simulation
1001011010001001011010101010010000101101101000000011010101001100011011010101110100011101110010000100111000101111000110101001101100100011111011100001010010010001010000110101101010100100010111101010101111001000011110011000110111010100110100110110011011001011000000110110110110111000

Penetration test service normally focuses on specific asset or target such as web/mobile application and doesn't cover assessment of the IT infrastructure of an organization. For this reason, penetration test alone cannot provide extensive visibility of security threats that are coming from many different angles.

Scenario-based Penetration Test service provided by ECQ helps address the issue of limited threat visibility by simulating attacks from an external, internal, and rogue user point of view. Utilizing the same Tactics, Techniques, and Procedures as of real world advesaries or APT attackers, Scenario-based Penetration Test can be thought of as a lighter approach to Adversary Simulation where attacks are conducted based on each specific scenarios and require

External
External
In External scenario, ECQ analyzes all possible attack vectors from an adversary point of view and execute all necessary hacking techniques to establish initial foothold to the target network. ECQ also simulates attacks originating from external branches or partners' network to help an organization understand better the threats that are coming from a compromised system of a remote branch or third-party vendor.
Internal
Internal
Internal scenario penetration test helps an organization evaluate the risks of having a compromised system in the internal network and validate the effectiveness of internal security controls such as SOC/EDR/IDS. In this scenario, ECQ uses its laptop to connect to any LAN point or WiFi network provided to attack and perform lateral movement. The objectives here are to gain administrative controls of the Domain Controller and breach mission critical systems of the target organization.
Credential
Credential
Credential or Valid Account scenario penetration test requires the Consultant to use a valid domain credential in an internal security assessment to try infiltrating deeper to the mission critical network segments via any LAN point or WiFi provided. The objective of this scenario is to help an organization discover insecure trusts, excessive privileges, leakage of sensitive information, and weak security controls.
Workstation
Workstation
Credential or Valid Account scenario penetration test requires the Consultant to use a valid domain credential in an internal security assessment to try infiltrating deeper to the mission critical network segments via any LAN point or WiFi provided. The objective of this scenario is to help an organization discover insecure trusts, excessive privileges, leakage of sensitive information, and weak security controls.