Which element is not typically part of a penetration test assessment unless specifically requested by the customer?

In the context of penetration testing, the primary focus is on assessing systems, networks, and applications for vulnerabilities that could be exploited by an attacker. Each of the potential elements of a penetration test assessment serves a specific purpose in evaluating security postures.

Threat intelligence is generally not included in the standard scope of a penetration test unless explicitly requested by the client. While threat intelligence can provide valuable context about potential adversaries, tactics, techniques, and attack vectors, it typically pertains to an organization's broader security strategy rather than the focused, hands-on approach of a penetration test. Penetration tests are aimed at identifying and exploiting vulnerabilities in specific systems as they exist at the time of the test, rather than analyzing external threat landscapes or intelligence. As a result, while useful, threat intelligence does not form a core component of the penetration testing process unless it's needed to meet specific client objectives or scenarios.

In contrast, other elements like permissions, facility considerations, and assets are integral to the penetration testing framework. Permissions are essential to define the scope of what systems can be tested, facility considerations might involve physical security aspects that could influence the test execution, and recognizing assets helps in identifying what needs to be tested and understanding the security context of those assets. Therefore, threat intelligence stands