Assumed Breach
Assume All Compromised, Simulate Internal Threats
CypherLeap's assumed breach service changes the way we approach security testing. We work on the premise that an attacker has already gained initial access to your network. We assume everything is compromised and then simulate internal threats, carefully exploring how far an adversary could move laterally, escalate privileges, and access vital data once they're inside your perimeter.
This crucial assessment helps your business truly understand your organisation's internal security standing, highlighting key weaknesses that could lead to a full system takeover.
Our assumed breach engagements are guided by principles found in NIST SP 800-115, the Penetration Testing Execution Standard (PTES), Adversarial Tactics, Techniques, and Common Knowledge (MITRE ATT&CK, Enterprise Matrix) and general Red Teaming Best Practices, simulating realistic post-compromise scenarios.
Methodologies
Assessment may be conducted using either a Black-Box approach or a Grey-Box approach.
- Black-Box Assessment: Assessment in which the testing team will have no prior knowledge about the targeted environment, systems and endpoints.
- Grey-Box Assessment: Assessment in which the testing team will have very limited knowledge about the targeted environment, systems and endpoints, and may require a walkthrough or guidance from a member of your technical team.
- Authenticated: CypherLeap may request access to targeted user roles within the organisation to identify vulnerabilities from an authenticated user’s point of view. This allows your business to better understand associated risks and identify potential privilege escalation pathways.
Why Choose Us
- Focused simulation of real-world internal compromise
- Methodical exploitation paths and movement modeling
- Risk-based reporting with MITRE mapping and CVSS scoring
- Actionable insights for hardening internal controls
- Valuable for Zero Trust implementation readiness
Gain True Insight into Your Internal Defenses
Assumed Breach assessments deliver a realistic picture of how prepared your organisation is after a compromise has occurred, an essential part of proactive cyber defense.
Let CypherLeap expose the blind spots most threat actors exploit once they’re inside.
Frequently Asked Questions
What is the difference between Assumed Breach and traditional Penetration Testing?
Traditional penetration testing often focuses on external threats attempting to breach the perimeter. Assumed Breach starts with the premise that the attacker is already inside your network, and the objective is to evaluate how far they could go by simulating lateral movement, privilege escalation, and data exfiltration.
How is Assumed Breach different from Red Teaming?
Assumed Breach is a focused simulation of post-compromise behavior, typically with a defined entry point (e.g., compromised host or credentials). Red Teaming, on the other hand, covers the entire kill chain from external reconnaissance to impact, including stealth, persistence, and full attack emulation. Assumed Breach engagements are often shorter and more surgical in scope.
What kind of access do you require for this test?
Depending on whether the engagement is Black-Box or Grey-Box, we may require minimal to moderate access, such as limited credentials or basic network information. Authenticated testing will require access to internal user accounts to simulate compromised credentials.