Assumed Breach Assessment

The Assumed Breach Assessment service simulates a real-world network intrusion, starting from an established foothold. This helps your organisation evaluate its ability to detect, contain, and respond to a cyber attack aimed at accessing sensitive data or escalating privileges.

Contact our Cyber Security Expert

What is Assumed Breach Assessment?

Assumed breach is a security assessment methodology that simulates a real-world cyber attack by starting from a pre-established foothold within your network. This foothold represents a successful intrusion by a real attacker, allowing us to focus on evaluating your organisation’s ability to detect, contain, and respond to an ongoing attack aimed at achieving specific objectives. This objective could involve actions such as: 

  • Compromising a critical system: Simulate an attacker’s attempt to gain unauthorized control of a system vital to your operations. 
  • Gaining unauthorised access to sensitive data: Test your defences against an attacker trying to steal confidential information like customer records or financial data. 
  • Escalating privileges: Evaluate your security measures against an attacker attempting to elevate their access level within your network to gain broader control. 

What we do

Unlike traditional red teaming exercises that simulate the entire attack lifecycle, an assumed breach assessment focuses on a critical stage – the post-breach scenario. We begin with a pre-established foothold within your network, mimicking a situation where an attacker has already bypassed your perimeter defences. 

This targeted approach allows you to: 

  • Evaluate Your Detection & Response Capabilities: Focus on testing your security team’s ability to identify, contain, and remediate an ongoing attack within your network. 
  • Validate Your Security Controls: Assess the effectiveness of your existing security measures in detecting and mitigating attacker actions after a breach. 
  • Refine Your Incident Response Plan: Gain valuable insights into how well your incident response procedures function during a real-world attack scenario. 

Our security professionals leverage their extensive experience to employ a wide range of attacker tactics, techniques, and procedures (TTPs) throughout the assessment. This ensures your team encounters realistic threats and can refine their response capabilities to address the ever-evolving cyber threat landscape. 

Need help with cyber security solutions? We are experts!

Assumed Breach ASSESSMENT Phases

Untitled design (18)

Planning and Scoping

We work collaboratively to define specific objectives for the assessment. These objectives might involve testing your response to particular attack vectors or evaluating your team’s effectiveness in containing a specific type of breach scenario. We also establish the scope of the assessment, clearly outlining the areas of your network or systems that will be included in the simulated attack. 


Untitled design (25)

Assumed Breach

In collaboration with you, we establish a pre-established foothold within a designated area of your network. This simulates a scenario where an attacker has already bypassed your perimeter defences. This access typically has minimal access or privilege and is intended to be as realistic as possible. 

Untitled design (27)


The red team acts as the adversary, employing various attacker tactics, techniques, and procedures (TTPs) to achieve specific objectives without being detected. The focus is on expanding their presence within the target environment. They move laterally through the network, attempting to gain access to sensitive data or critical systems. This phase helps assess the organisation’s ability to detect and respond to intrusions and to determine the extent of the damage an attacker could cause if undetected. 


Debriefing and Reporting

After the assessment, the red team prepares a detailed report documenting their findings, methodologies, and recommendations. The report highlights the vulnerabilities discovered, the techniques used, and potential impacts. It also includes actionable recommendations to help the organisation improve its security defences. A debriefing session is conducted with the organisation’s stakeholders to discuss the findings and ensure a clear understanding of the assessment’s outcomes. 



We have documented frequently asked questions about our assumed breach assessment service. If you cannot find the answer to your questions, please do get in touch directly. We’ll be happy to help.

Traditional Red Teaming simulates the entire attack lifecycle, testing your defences from initial reconnaissance to achieving objectives. An assumed breach assessment focuses on a scenario where an attacker has already gained access, evaluating your ability to detect and respond to an ongoing attack within your network. 

An assumed breach assessment can be a more targeted and efficient approach for specific needs. It prioritizes testing your response to an ongoing attack, a critical gap in many organizations’ security posture. Additionally, assumed breach assessments are often a shorter engagement compared to a full red team assessment, making it a potentially more cost-effective option. 


The goal of an assumed breach assessment is to identify vulnerabilities and weaknesses in an organisation’s security infrastructure and help improve its overall response and security posture. 

Typically, this is done without their knowledge, however the level of awareness can vary and can be tailored to your requirements. 

Penetration testing focuses on identifying as many vulnerabilities as possible, while an assumed breach assessment simulates real-world attack scenarios and evaluates your response to an attack leveraging those vulnerabilities. 

Assumed breach assessments are conducted by experienced cybersecurity professionals who specialise in offensive security techniques. 

Deliverables usually include a comprehensive report detailing the vulnerabilities identified, exploited attack paths, and recommendations for improving security defences. 

Yes, assumed breach assessments can be performed on cloud-based environments to assess the security of cloud services, configurations, and access controls. 

By simulating real-world attacks, an assumed breach assessment helps organisations identify gaps in their incident response processes and provides an opportunity to practice and refine their response procedures. 

Post-assessment activities may include remediation of identified vulnerabilities, training and awareness programs for employees, and ongoing monitoring and testing to maintain security readiness. Additionally, an assumed breach assessment can be an initial step towards completing a red or purple team exercise in the future. 

Assurance service

How are Dionach positioned to help Your Organisation?

Dionach is a cybersecurity company that specialises in providing comprehensive security services to organisations of all sizes. Dionach assists organisations with assumed breach services by helping them proactively identify vulnerabilities and weaknesses in their security measures. They offer expertise in continuous monitoring, threat detection, and incident response planning to ensure organisations are better prepared to respond effectively to security breaches. Overall, Dionach’s 24 years experience and expertise in cybersecurity can help your organisation improve its security posture and protect against cyber threats.


We deliver the whole spectrum of cyber security services, from long-term, enterprise wide strategy and implementation projects to single penetration tests.

Our team works with you to identify and assess your organisation’s vulnerabilities, define enterprise-wide goals, and advise how best to achieve them.

Our recommendations are clear, concise, pragmatic and tailored to your organisation.

Independent, unbiased, personalised – this is how we define our services. We guide you to spend wisely and invest in change efficiently.

Find out how we can help with your cyber challenge



Breaking into the Cloud: Red Team Tactics for AWS Compromise

Traditionally, Red Teaming has always put an extensive focus on environments with an on-premises network managed by Active Directory. The MITRE ATT&CK framework ( includes a number of TTPs for these environments, such as the exploitation of Active Directory-specific services and scenarios (e.g. Kerberos, NTLM issues, escalation to Domain Admins). However, nowadays a large number […]

The Growing Cybersecurity Risks of AI and Mitigations: External and Internal Threats

As artificial intelligence (AI) continues to advance and permeate various industries, it brings about significant benefits and transformative capabilities. However, along with its tremendous potential, AI could also impact organisations’ cyber risk profile by introducing new risks which have not been previously considered. In this article, we will explore the growing threats associated with AI, […]

How to classify sensitive data within your organisation (2/2)

In this second part of our two-part blog we will discuss the requirements to correctly classify your data. Following on from part one once the identification and classification of your data has been completed you need to focus upon data handling. Establish Data Handling Requirements There are numerous forms of technical, operational and management controls […]
Contact Us

Contact Us React out to one of our cyber experts and we will arrange a call