What is your preferred pen testing scenario?

Posted to r/pentesting but the sub looks weird now, something strange with the moderation.. sharing here as well. When conducting a network penetration test, what's your preference with regard to starting points? In my experience I have had an appliance delivered on site with kali setup as a VM, as well as having clients generate new VM workstations of domain joined systems. I've had clients provide low level domain user credentials, as well as give us a couple of IPs and nothing else. Never once have we had a "real" workstation to start from. I feel like this would be the most realistic scenario for adversary simulation since our tools would be limited but the relevant artifacts for movement and privilege escalation would be there (real misconfigurations, files, etc). I always feel a bit uneasy to start with a kali box and domain user credentials as this just seems unrealistic. Maybe a good way to just test the technology directly at least but too much of a head start so to speak. What is your experience and preference? How do you approach clients about the setup for a PT? submitted by /u/greatwallofcrypto [link] [comments]
http://dlvr.it/SwT5Zt