I think this sort of just points to modern security tooling is more-or-less redundant: The leads in the title "Loose on an internal network"... don't do that. You will never, ever, ever configure everything on your network to be 100% safe, keep everything up to date, etc. Crowdstrike, Sophos, don't care- you can't run anything that will catch everything, so the answer is boring: Isolate and prevent any intrusion to begin with. Limit external connections, use sane firewalls, don't depend on cloud infra, and KISS.

If this didn't work, every single small to medium business would be a malware aquarium - and while some are - generally most are fine because the boring, basic stuff and not going out of your way to misconfigure the hell out of things or give anything more permissions than necessary is 95% of the battle. Have guests using your wifi? Have a guest wifi (Vlan) for them. Congrats, you're not already doing better than like 2/3 of easy targets.

Like, this would be interesting if if was "We told OpenClaw our external IP and said go to town" but some insecurity in the internal network is often just outright necessary to not be a total PITA when doing day-to-day operations.

This can still be a useful testing idea for some orgs, but I feel like the applications are very, very limited.