A security test where the auditor will gain as much access as possible using the same techniques cybercriminals use.