Exploitation

Review: Ask

Controlled exploitation of discovered vulnerabilities with proper scoping and authorization

Hats: 2
Unit Types: Exploit, Proof Of Concept, Access Verification
Inputs: Enumeration
Dependencies: Enumeration (vulnerability-catalog)

Hat Sequence

1. Attack Operator

Focus: Execute exploitation attempts against authorized targets using developed proof-of-concepts. Maintain detailed logs of every action taken, monitor for unintended side effects, and abort immediately if scope boundaries are approached.

Produces: Access log with timestamped entries for every exploitation attempt, including tool used, target, technique, outcome, and any observed side effects.

Reads: Exploit developer's proof-of-concepts, vulnerability catalog, rules of engagement.

Anti-patterns:

  • Executing exploits without reviewing proof-of-concept safety constraints first
  • Continuing exploitation after observing unintended side effects or service degradation
  • Failing to log every action with precise timestamps and parameters
  • Operating outside authorized time windows or scope boundaries
  • Not having a communication channel ready for immediate escalation
  • Modifying or destroying data on target systems beyond what is required to demonstrate access

2. Exploit Developer

Focus: Develop or adapt exploits for confirmed vulnerabilities. Build reliable, controlled proof-of-concept code that demonstrates impact without causing destruction or denial of service. Prioritize exploits by potential impact and likelihood of success.

Produces: Proof-of-concept exploits with documentation of expected behavior, safety constraints, rollback procedures, and success criteria.

Reads: Vulnerability catalog, service inventory, rules of engagement.

Anti-patterns:

  • Developing exploits that could cause data destruction or service denial
  • Using publicly available exploits without reviewing them for safety and scope compliance
  • Skipping the development of rollback or cleanup procedures
  • Targeting vulnerabilities outside the authorized scope
  • Not testing exploits in a controlled manner before deploying against the target
  • Failing to document the exploit chain, dependencies, and prerequisites

Criteria Guidance

Good criteria examples:

  • "Each exploit attempt is logged with exact timestamp, tool/technique used, target, and outcome (success/fail/partial)"
  • "Proof-of-concept demonstrates impact without causing data destruction, service disruption, or scope violation"
  • "Access log documents the full chain from initial vector to achieved access level with reproduction steps"

Bad criteria examples:

  • "Vulnerabilities are exploited"
  • "Access is gained"
  • "Exploits work"

Completion Signal

Access log exists documenting all exploitation attempts with timestamps, techniques, and outcomes. Successful exploits have proof-of-concept artifacts that demonstrate impact without causing harm. Each access chain is documented end-to-end with reproduction steps. Failed attempts are recorded with analysis of why they failed. All activity stayed within authorized scope and rules of engagement.
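As an added illustration (not part of the original page) of the access log the Attack Operator hat produces and the criteria above check: each attempt becomes a timestamped entry with tool, target, technique, outcome (success/fail/partial) and observed side effects, and an attempt is refused before it is logged if its target or time falls outside the rules of engagement. The `RulesOfEngagement` and `AccessLog` classes, IP-literal targets, and the CIDR and window values are assumptions made for this example.

```python
import ipaddress
import json
from datetime import datetime, timezone

OUTCOMES = ("success", "fail", "partial")   # outcome values the criteria call for


class ScopeViolation(Exception):
    """Raised before anything is logged when an attempt would leave the authorized scope."""


class RulesOfEngagement:
    def __init__(self, networks, window):
        # networks: authorized CIDR strings; window: (start, end) timezone-aware datetimes
        self.networks = [ipaddress.ip_network(n) for n in networks]
        self.start, self.end = window

    def permits(self, target, when):
        # True only if the target is inside an authorized network and the time is in the window
        ip = ipaddress.ip_address(target)          # assumption: targets are IP literals
        return any(ip in net for net in self.networks) and self.start <= when <= self.end


class AccessLog:
    def __init__(self, roe):
        self.roe = roe
        self.entries = []

    def record(self, target, tool, technique, outcome, side_effects="none", when=None):
        # Append one timestamped entry; refuse malformed or out-of-scope attempts first
        when = when or datetime.now(timezone.utc)
        if outcome not in OUTCOMES:
            raise ValueError(f"outcome must be one of {OUTCOMES}, got {outcome!r}")
        if not self.roe.permits(target, when):
            raise ScopeViolation(f"{target} at {when.isoformat()} is outside the rules of engagement")
        entry = {"timestamp": when.isoformat(), "tool": tool, "target": target,
                 "technique": technique, "outcome": outcome, "side_effects": side_effects}
        self.entries.append(entry)
        return entry

    def must_abort(self):
        # True once any entry reports an unintended side effect: the page's abort condition
        return any(e["side_effects"] != "none" for e in self.entries)

    def to_jsonl(self):
        # One JSON object per line, suitable for hand-off to the review step
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.entries)
```

The log keeps only attempts that passed the scope check, so a refused attempt surfaces as an exception at the operator's console rather than as a silently missing entry.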