Objective

Identify system weaknesses.

Prove exploitability.

Test detection & response.

Spot exposed / org data.

Inform proactive defense.

Scope

Broad — network / apps.

Targeted systems.

Org-wide (people, tech).

External / dark web only.

Global threat surface.

Attack Simulation

None.

Controlled.

Realistic / covert.

No — exposure only.

No — intel only.

Deliverables

Vuln list + fixes.

Report + PoC.

Attack chain + gaps.

Leak / exposure report.

TI report + IOCs/TTPs.

Cadence

Quarterly / changes.

Annual / bi-annual.

Annual / maturity.

Monthly / ongoing.

Continuous.

Audience

IT / SecOps.

Sec team / devs.

Execs / SOC / IR.

Sec managers.

CISO / analysts.