Threat-based offensive security instead of compliance-based engagements, including but not limited to - 

• OSINT of companies and its employees

• Reconnaissance, Discovery & Vulnerability Assessments for initial access

• Active Directory enumeration & exploitation

• Post-exploitation

• Defense Evasion