Impact

The Impact phase of the attack can be used in the attack simulation to proof that a pre-defined goal has been reached. Attackers may use it to manipulate, interrupt or destroy a system (TA0040). We usually do not disrupt any service and try to define an alternative goal to proof a specific level of access without performing the destructive action.

Alternative ways to proof destructive access rights are for example access to the Domain Administrator Account or high privilege access to heavily protected systems. If a destructive action like encrypting a file-system is selected, then we typically tend to do this on a reference system instead of the production system.