Pen Test Partners' Attack Surface Assessment (ASA) is a professional security service that identifies and evaluates an organisation's external attack surface from the perspective of a threat actor. Unlike traditional penetration tests with tightly defined scopes, the ASA begins with the organisation's name and primary domain, then expands to cover affiliated domains, brand names, and recently rebranded entities as relevant. The assessment covers technical asset discovery as well as broader organisational intelligence, including: - Supplier relationships and third-party dependencies - Cloud services and technology stack in use - Geographic operational footprint - Staff identity and contact information - Breached or exposed credentials on the dark web - Threat actor activity targeting the organisation or its data Beyond asset enumeration, the ASA incorporates threat actor analysis to identify who is likely targeting the organisation and the Tactics, Techniques and Procedures (TTPs) they would use during reconnaissance, resource development, initial access, and execution phases. The findings are contextualised into threat actor scenarios that describe, at a high level, which systems are likely to be targeted and what attack types may be used. These scenarios are risk-assessed and can optionally serve as the basis for a Red Team simulation exercise. The service is designed to surface systems and exposures that may not be within an organisation's active management oversight, providing visibility into what threat actors can observe from a public vantage point.