Phase 4
Expand Access
Expand Access is roughly equivalent to lateral movement and privilege escalation in traditional penetration testing. The job is to determine what the first foothold unlocks, how far it can be turned into meaningful impact, and how it can be used to gain access to additional areas, higher privilege, and more valuable systems or assets.
Focus
- Additional areas: Move beyond the first foothold into more sensitive rooms, departments, or secure zones.
- Privilege increase: Reach a higher level of trust, authority, or control than the initial access point provided.
- Restricted zones: Prove whether critical spaces can be reached in practice.
- Impact validation: Place devices, whether real or dummy, prove network access, or demonstrate approved theft scenarios when they are part of scope.
- Approved cyber transitions: If IT attacks are in scope, assess whether internal access enables network attacks or whether access control systems can be abused. In some environments, compromise of access control management software can be a practical way to elevate badge privileges.
Phase Output
- Access to higher-value areas or systems: A proven chain from the first foothold to more valuable targets.
- Privilege escalation evidence: The exact steps, controls, or systems that allowed access to expand.
Transition
Expand Access ends when the path from first foothold to higher-value access is clear. If the next question is whether that access can be kept over time, the next phase is Persistent Access.