top of page

Assume Breach

An Assume Breach is to evaluate your current security posture for when your external perimeter has been breached. The result can then be used to strengthen your infrastructure configuration or to tune your detection capabilities and assist you in creating a future roadmap that will have the greatest impact


Assume Breach is an exercise to improve incident response and security posture (in the organization)



Collaborative exercise between the us and the Blue Team – our goal is for the blue team to succeed!


Test your organization’s detection capabilities and resilience against modern advanced attackers



At the end of the simulation, the company will receive a full report containing an executive summary and details on the attack path taken by Banshie.

In addition to this, the company will receive a full overview of the actions performed by Banshie mapped to the MITRE ATT&CK framework.


These mappings can be used as part of the MITRE ATT&CK Service or internally to map out and document areas of improvement against future threats.

Banshie will also provide a full description and thought process behind the attack as well as key areas of improvement. The end deliverable will contain at least the following:

  • Executive Summary

  • Attack narrative incl. dates and timestamps

  • Technical details

    • Exploitable vulnerabilities found

    • Remediation and mitigation strategies

    • Indicators of Compromise for post-exercise analysis

    • Details on working and effective defenses

  • MITRE ATT&CK Mapping

  • Custom Proof of Concept code

  • Exercise walkthrough with the blue team.


In an attack simulation, the company will test its defenses and detection capabilities.

Banshie will perform a “closed book” test simulating a real threat attacking the organization.


Based on the assumed breach mentality we will simulate a real attacker based on real tools and techniques to train the detection and response readiness.

We will use the techniques and tools used by real attackers to demonstrate exploitable vulnerabilities and strong defenses present in the current security posture.

This will give an overview of which areas to improve.

The engagement follows the Cyber Attack Life cycle. However, the first part of the engagement is to get past the perimeter defenses which, in an assumed breach is skipped entirely.

This is to make sure the focus is on the internal security posture.

Ready to get started?

Our security experts are standing by to help you with an incident or answer questions about our consulting and managed detection and response services.

Banshie has a wide skillset and many years of experience in penetration testing and exploits development and is standing by to help you

bottom of page