Data exfiltration.
Name the target — credentials, a database, a file share, a mailbox — and AutoAttack proves whether the path exists by walking it.
Deploy →proven on GOAD
the credential store Black-box on the GOAD lab with no access given, AutoAttack exfiltrated the domain's credential database — 124 credentials — by replicating it the way a domain controller would.
0 vs 124 On identical ground an exposure-inventory tool recovered zero. The difference is carrying out the attack versus listing what might be possible.
captured, not inferred Every credential is backed by the captured output of the step that pulled it.
set any data goal Credentials are one target. The same goal-driven model lets you set a database, a file share, or a mailbox as the objective instead, and works toward it the same way.
how it reaches the data
get in AutoAttack starts from a foothold with no credentials and works inward — cracking a ticket, exploiting a web application, or reusing a leaked password to gain its first access.
reach the source It chains access until it reaches where the data lives: the domain controller for credentials, the database server for records, the file server for documents.
pull the data With access to the source it extracts the data the way an attacker would — replicating the credential database, dumping the records, reading the files.
prove it left Every extraction is captured as proof, so the finding is the data already in hand, not a theoretical exposure on a list.