Testing security controls against realistic attacks is pivotal to ensure controls are working as expected. Human-centric breaches like phishing and social engineering are prevalent, and people are often the least controllable link in the security chain. Effective identity and access management (IAM) as both a capability and detection surface is essential to Zero Trust as compromised identities and access credentials provide significant value to attacks. Because of these factors, people are one of the most important places to test security controls. Security teams can use this tool to test Zero Trust people security controls, leveraging tactics and techniques from the MITRE ATT&CK framework.