Use empirical data and evidence strategically to perform vulnerability scanning, social engineering and physical attacks, and post-exploitation techniques.
Examples: considerations and limitations of vulnerability scanning, scan identified targets for vulnerabilities, set scan settings to avoid detection, multiple scanning methods, Nmap, pretexting for social engineering or physical attacks, impersonation techniques, social engineering tools, methods of influence, post-exploitation tools, Pass the Hash, network segmentation testing, horizontal and vertical privilege escalation