In External scenario, ECQ analyzes all possible attack vectors from an adversary point of view and execute all necessary hacking techniques to establish initial foothold to the target network.

ECQ also simulates attacks originating from external branches or partners' network to help an organization understand better the threats that are coming from a compromised system of a remote branch or third-party vendor.

Internal scenario penetration test helps an organization evaluate the risks of having a compromised system in the internal network and validate the effectiveness of internal security controls such as SOC/EDR/IDS.

In this scenario, ECQ uses its laptop to connect to any LAN point or WiFi network provided to attack and perform lateral movement. The objectives here are to gain administrative controls of the Domain Controller and breach mission critical systems of the target organization.

Credential or Valid Account scenario penetration test requires the Consultant to use a valid domain credential in an internal security assessment to try infiltrating deeper to the mission critical network segments via any LAN point or WiFi provided.

The objective of this scenario is to help an organization discover insecure trusts, excessive privileges, leakage of sensitive information, and weak security controls.

In this final scenario, ECQ tries to gain local access to the laptop or workstation provided; and if successful, escalate privilege to become the local administrator. This machine is then used to test installing unauthorized software and bypassing internal security controls.

This type of assessment helps evaluate security controls and policy such as Network Access Control, removable devices policy, and data leakage. Workstation scenario penetration test illustrates the potential impact of having a system stolen or compromised.