Assumed Breach - Strengthen Your Defence Capabilities

What is an Assumed Breach Exercice?

An Assumed Breach exercise tests an organisation's detection and response capabilities based on the assumption that an attacker has already successfully penetrated the information system. The objective is to test security measures and response processes when an attack is already underway, in order to measure their effectiveness in a critical context.

At the end of the exercise, a detailed report is provided. It describes the scenarios tested, the actions taken by the auditors, the detection capabilities observed, and the strengths and weaknesses in incident management. These results are accompanied by operational and strategic recommendations to strengthen overall resilience and optimise the organisation's defence posture in the event of a compromise.

Scenarios

Examples of Assumed Breach Scenarios

We simulate realistic compromise scenarios to assess the potential impact of an intrusion and test your detection, response and resilience capabilities. Each exercise is tailored to your business challenges, your level of maturity and the most likely threats to your organisation.

Compromised user account (with SSO access)

This exercise simulates the takeover of a user account with SSO access. We analyse the associated permissions, the configuration of authentication mechanisms and possible compromise scenarios: access to connected applications, privilege escalation or pivoting to other systems.

It measures the real impact of such access and assesses the ability to detect and respond to an intrusion. The exercise highlights IAM weaknesses and provides recommendations for reducing the attack surface, limiting privileges, and strengthening monitoring.

Exploitation of a vulnerable server exposed to the Internet

This exercise simulates the exploitation of a vulnerability on a server accessible from the internet. We analyse how an attacker could gain initial access, then assess the possibilities for pivoting to other critical systems, elevating privileges, or accessing sensitive data.

The objective is to measure the real impact of an exposed vulnerability and identify detection gaps. The exercise provides recommendations for reducing the attack surface, strengthening exposed services, and improving monitoring.

Pivot on the network from a compromised machine

We start with a compromised internal machine and explore the possibilities for lateral movement: network exploration, exploitation of internal services, privilege escalation, or access to critical environments.

This exercise allows us to visualise the potential impact of a local compromise, test the detection of abnormal behaviour, and guide actions to strengthen segmentation, reduce privileges, and improve network visibility.

Compromised DevOps environments

We simulate the compromise of DevOps tools or environments (CI/CD, secrets, registries) to assess how an attacker could manipulate pipelines, retrieve secrets or inject code into the software chain.

This exercise highlights risks to code integrity and the supply chain. It allows us to target priority measures: securing access, hardening pipelines, protecting secrets, and improving the detection of malicious manipulation.

get a quote for an assumed breach exercise

They trust us

Many organisations ask us to assess their ability to detect and contain a breach. Our Assumed Breach exercises can be used in a variety of contexts: validating detection systems, testing incident response procedures, strengthening the resilience of critical systems, or preparing for advanced threats.

Assumed Breach Methodology and Phases

Defining the objectives of the exercise

Before starting the exercise, we work with your teams to define the objectives, including the scope (systems, users, environments), priority threat scenarios, operational constraints and success criteria. This step ensures alignment with your business objectives and critical risks, and helps define performance indicators.

Scenario selection

We select and customise scenarios based on the organisation’s threat profile and maturity. Each scenario is adapted (both technically and operationally) to ensure realism and relevance.

Reconnaissance and mapping

Targeted analysis phase from the initial foothold: identification of possible attack paths, discovery of application dependencies and mapping of accessible critical assets. This step guides exploitation activities and identifies priority controls to be tested.

Exploitation and lateral movement

Auditors simulate realistic offensive actions from the point of compromise: lateral movement, privilege escalation, persistence and simulated data exfiltration.

Reporting and recommendations

At the end of the exercise, we deliver a structured report: executive summary, technical description of the scenarios and vectors exploited, evidence and attack timeline, and a prioritised remediation plan (quick wins and strategic actions).

CUSTOMER TESTIMONIALS

"Intersport has been working with Vaadata for over seven years. We particularly value their technical expertise, professionalism and the quality of their customer service. Their ability to understand our challenges and propose tailored solutions has enabled us to strengthen the security of our systems, particularly through their penetration tests and cybersecurity advice. Vaadata is now a trusted partner whom we highly recommend."

Michaël A.

Head of Organisation and Information Systems, INTERSPORT

"On the recommendation of a fellow CIO, I commissioned Vaadata to carry out an initial penetration test in 2020, and from 2021 onwards, I decided to extend this collaboration to cover each of our solutions on an annual basis. What particularly impressed me, beyond their expertise, was the flexibility of their teams and how easily they communicated, particularly with our development teams. This has really facilitated our collaboration and enabled us to achieve even more effective results. The sharing of information is outstanding."

Jean-Philippe F.

Head of Information Systems, ITESOFT

"We have been working with Vaadata since 2018. I appreciate their approachability, their commitment to providing advice and the quality of their technical expertise. With every project, their teams help us take our security maturity to the next level. Their support was particularly crucial in helping us achieve our SOC 2 certification. Vaadata is now a trusted partner we can rely on to address our security and compliance challenges."

Thomas L.

Head of IT, Security and Compliance, DATAGALAXY

"We have no hesitation in recommending Vaadata to other businesses. Their technical expertise, methodological rigour, ability to identify complex vulnerabilities and, above all, the quality of their remediation recommendations make them a trusted partner."

Ouadia L.

CEO, RANDOM TEAM

“What I really appreciated were the technical discussions. We were able to challenge each other’s views, discuss the severity levels and compare our interpretations. Nothing was set in stone. It was a truly collaborative effort, which I found very enjoyable.”

Ayoub H.

Senior Security Engineer, VESTIAIRE COLLECTIVE

About Vaadata

Conduct an Assumed Breach Exercise with Vaadata, a Company Specialising in Offensive Security

Vaadata designs and executes tailored Assumed Breach exercises, focused on simulating an active compromise within your environment. Rather than testing only entry points, our scenarios start ‘from the inside’ to measure detection capabilities, speed of containment and the effectiveness of remediation procedures.

ISO 27001 and ISO 27701 certified and CREST accredited, we apply rigorous governance and confidentiality standards throughout the exercise. These accreditations ensure secure execution in line with the expectations of business stakeholders and technical teams.