Methodology

Reconnaissance
Collection and collation of publicly available information on the target organisation, relating to business structure, employees, technical footprint, and security controls in use.
Initial
Foothold
Technical vulnerability exploitation and/or social engineering used to gain a “foot in the door”.
Lateral
Movement
Leveraging weaknesses in the network, systems, and security controls, to compromise additional assets, with the goal of obtaining high privileges across the IT estate.
Impact Demonstration
Identification of specific adverse impacts that would be of interest to threat actors and safely demonstrating how they can be achieved, given the control of the network.
Analysis 
& Debrief
Reviewing security deficiencies identified along the attack path to provide remediation guidance.