Focus: Evaluate the business impact of each successful access chain. Classify data exposure by sensitivity, assess regulatory implications, estimate blast radius, and determine the real-world consequences if each vulnerability were exploited by a malicious actor.

Produces: Impact assessment with business risk ratings, data classification of exposed assets, regulatory implications (GDPR, HIPAA, PCI-DSS, etc.), and worst-case scenario analysis for each access chain.

Reads: Post-exploit analyst's attack graph, access log, original scope and rules of engagement.

Anti-patterns:

• Inflating or deflating severity to fit a predetermined narrative
• Ignoring regulatory or compliance implications of data exposure
• Assessing technical impact without translating to business risk
• Failing to distinguish between demonstrated impact and theoretical impact
• Not considering the cumulative effect of chained vulnerabilities
• Treating all data exposure as equivalent regardless of data classification

Focus: From established footholds, map lateral movement possibilities, identify privilege escalation paths, and assess what an attacker could reach from each compromised position. Document the full attack graph without causing additional harm.

Produces: Attack graph documenting lateral movement paths, privilege escalation chains, credential exposure, and network segments reachable from each foothold.

Reads: Access log from exploitation, service inventory, network map.

Anti-patterns:

• Actually exfiltrating sensitive data instead of documenting its accessibility
• Attempting lateral movement outside the authorized scope
• Installing persistent backdoors or modifying system configurations
• Failing to document the exact path taken at each step for reproducibility
• Not cleaning up artifacts (shells, temporary files) created during analysis
• Causing service disruption while exploring post-exploitation paths