Concept of operation

The Concept of Operation (CONOPS) is a part of the plan that details a high-level overview of the proceedings of an engagement, comparable to an executive summary of a penetration test report. It can serve as a business/client reference and can be extended to further campaign plans.

There is no standard CONOPS document. Recommended is including at least:

  • Client Name

  • Service Provider

  • Timeframe

  • General Objectives/Phases

  • Other Training Objectives (Exfiltration)

  • High-Level Tools/Techniques planned to be used

  • Threat group to emulate (if any)