Information disclosure levels
How much information the Client provides before testing begins.
Full DisclosureThe Client provides detailed information about in-scope environments, such as architecture, diagrams, and target lists. This option maximizes efficiency and depth of coverage by allowing Vilkas to focus testing on known assets while collaborating closely with the Client’s team.Semi-BlindThe Client provides limited technical details (for example, IP ranges or application URLs) after initial discovery. This option balances realism and efficiency when the Client wants Vilkas to perform some discovery while still constraining scope and effort.BlindThe Client provides little to no technical information before testing, and Vilkas relies primarily on publicly available information and testing‑derived data to discover and profile targets. This option best simulates the reconnaissance phase of a real-world external attacker.HybridVilkas begins with limited or no information and transitions to a more cooperative, full‑disclosure posture once testing activity is identified by the Client’s monitoring or incident response teams. This option is appropriate when the Client wants both realistic attacker behavior and comprehensive coverage once detection occurs. Evasiveness levels
How stealthy Vilkas will be during testing.
Non-EvasiveTesting is not intentionally concealed from the Client’s monitoring, IDS/IPS, or service providers. This option is typically used alongside full‑disclosure engagements to maximize coverage, speed, and visibility into findings.EvasiveVilkas uses techniques intended to avoid or delay detection by the Client’s monitoring and security controls. This option is appropriate when the Client wants to validate the effectiveness of existing detection and response capabilities, such as an MSSP, SOC, or IDS/IPS deployment.Hybrid-EvasiveVilkas begins with evasive techniques and shifts to non‑evasive operation once testing is detected or at a defined point in the engagement. This option provides a balance between assessing stealthy attack paths and ensuring comprehensive testing once coordination with the Client’s team is established. Post-remediation testing: Post-remediation testing to confirm the effectiveness of the Client’s corrective actions and updated security controls is included in all test scopes.