Scenario-Based Simulation

Overview

Realistic assessments that evaluate prevention, detection and response capabilities

If you measure the success of security operations by efficiency metrics alone, you fail to answer an important question that all security managers must answer: How well are people and controls preventing, detecting, and responding to cyber threats?

Scenario-based testing, conducted by Penteor's experienced team of consultants, can help verify the true effectiveness of your organization's capabilities. This is done by simulating a wide range of attack tactics and making recommendations to improve the protection of key assets.

Goal

The goal of Adversary Testing is to demonstrate how the compromise of a single vulnerable host can propagate throughout the network, with the aim of gaining a privileged level of access within the enterprise network, typically "domain administrator". Testing includes vulnerability exploitation, discovery of usernames and passwords, lateral movement between connected and trusted systems within the test scope, and demonstrating evasion techniques from compromised hosts. The aim is to illustrate that "a chain is only as strong as its weakest link" and to uncover security weaknesses that per-host vulnerability assessment or penetration testing does not reveal.

Benefits

Scenario-based testing is a specialized form of offensive security assessment. Unlike traditional penetration testing, which focuses on identifying vulnerabilities, scenario-based testing measures the performance of cybersecurity controls against specific attacker tactics and behaviors.

Purpose

Check the effectiveness of your security operations team.

Scenario-based testing is commonly used to assess your organization's ability to prevent, detect, and respond to threats. Unlike a Red Team Operation, which involves recreating a full-scale cyberattack, a scenario-based test is a more targeted type of assessment that often focuses on a specific attack tactic. Regular scenario-based testing creates a culture of continuous improvement and ensures that your security team is better prepared to address current and emerging threats.

Custom assessments

Scenarios and tactics that our consultants can replicate include:

  • Emulating ransomware attacks
  • A supply-chain compromise
  • Exfiltrating data while emulating an insider such as an employee or contractor
  • A phishing campaign to harvest credentials or collect confidential information
  • Use of custom malware that performs specific actions

Methodology

The MITRE ATT&CK™ framework

Initial Access

Gaining a foothold in the target network using tactics such as spear phishing and supply-chain compromise.

Execution

Executing code on a target system once access has been obtained. Includes the abuse of legitimate, built-in applications and components such as Control Panel items and PowerShell.

Privilege Escalation

Increasing permission levels to access additional parts of a compromised network through techniques such as hooking, process injection and access token manipulation.

Defense Evasion

Avoiding detection through techniques such as the disablement of security defences, prevention of endpoint inspection or bypassing of application whitelisting.

Credential Access

Seeking to gain access to or control a system or domain by obtaining legitimate credentials, including the use of brute force and credential dumping.

Discovery

Acquiring knowledge of target systems and networks. Includes account, application, browser and directory reconnaissance techniques.

Lateral Movement

Traversing a network and gaining control of remote systems. Includes Pass the Ticket (PtT) and the abuse of remote services.

Collection

Identifying and gathering sensitive information through audio, keystroke, screen and video capture.

Exfiltration

Removing files and information from the target network, often using a combination of compression, encryption and legitimate protocol abuse.

Command and Control

Establishing communication with target systems through the abuse of existing, legitimate protocols.

Discuss your cyber security needs