Phase 3

Initial Access

The goal of this phase is to gain entry to the target environment. Initial Access is the first credible foothold that moves the team from outsider to insider and proves the first real control failure that grants access to the premises.

Common Approaches

Daytime Operations

Social engineering
Tailgating
Pretexting

Nighttime Operations

Covert entry
Exploiting physical weaknesses

Phase Output

Confirmed access to the premises: The route worked, the foothold was real, and the team crossed the trust boundary.
Initial evidence: Which control failed, how access was achieved, and what became reachable immediately.

Transition

Initial Access ends when the first foothold is proven. The next question is what that foothold unlocks, which is the job of Expand Access.