Attempt to break in to systems by using publicly exposed knowledge, or with basic user credentials. In this type of security assessment, vulnerabilities are exploited, which can test defense in depth strategies and also expose additional vulnerabilities that require using a small low risk vulnerability to expose a higher risk vulnerability. This mimics what an actual hacker will do if they are trying to break in to your systems.