Threat-based offensive security instead of compliance-based engagements, including but not limited to - 

OSINT of companies and its employees

Vulnerability Assessments & Reconnaissance for initial access

Active Directory enumeration & exploitation

Post-exploitation

Defense Evasion