front matter
My name is Royce Davis, and I’m a professional hacker, red teamer, penetration tester, offensive security guy--we go by many names in this industry. For the past decade and change, I have been offering professional adversarial emulation services to a wide spectrum of clients in just about every business vertical you could imagine. Throughout that time, there has been no question in my mind which service companies are most interested in paying professional hackers to conduct. I’m talking, of course, about the internal network penetration test (INPT).
The INPT is a complex enterprise engagement that can easily be summarized in a few sentences. An attacker (played by you) has managed to gain physical entry to a corporate office using any one of numerous and highly plausible techniques that are intentionally absent from the scope of this book. Now what? Armed with only a laptop loaded with hacker tools, and with no up-front knowledge of the company’s network infrastructure, the attacker penetrates as far as they can into the company’s corporate environment. Individual goals and objectives vary from engagement to engagement, company to company. Typically, though, a global domination scenario where you (the attacker) gain complete control of the network is more or less the primary objective driving an INPT.