The tester is given a certain amount of information in advance. This type of penetration test can simulate a malicious insider or see what an attacker can do with a low level access. In this scenario, the tester typically spend less time on reconnaissance and more time for looking for misconfiguration and attempting exploitation.
The information given like:
- List of in scope ip addresses/ranges.
- low-level credentials to a web application or active directory.
- some application network diagram.