background image

I N T R O D U C T I O N  

Imagine that sometime in the not-so-distant future an 
attacker decides to attack a multinational company’s 
digital assets, targeting hundreds of millions of dollars 
worth of intellectual property buried behind millions 
of dollars in infrastructure. Naturally, the attacker 
begins by firing up the latest version of Metasploit.

After exploring the target’s perimeter, he finds a soft spot and begins a 
methodical series of attacks, but even after he’s compromised nearly every 
aspect of the network, the fun has only just begun. He maneuvers through 
systems, identifying core, critical business components that keep the com-
pany running. With a single keystroke, he could help himself to millions of 
company dollars and compromise all their sensitive data.

Congratulations on a job well done—you’ve shown true business impact, 

and now it’s time to write the report. Oddly enough, today’s penetration 
testers often find themselves in the role of a fictitious adversary like the one 
described above, performing legal attacks at the request of companies that 


 high levels of security. Welcome to the world of penetration testing and 

the future of security.