Under the Hoodie

Actionable Research from Penetration Testing Engagements

Back rooms. Black metal. Two shadowy figures furiously hacking away on the same keyboard at the same time. Thanks to its seemingly sinister objective – breaking into enterprise networks – penetration testing is often considered a dark art. But people just need to get to know it better.

In our latest research paper, “Under the Hoodie: Actionable Research from Penetration Testing Engagements,” we shed light on the “dark art” by revealing the process, techniques, and tools that go into it, as well as the insights you can expect to come out. Based on the results of 100+ pen tests, as well as the real-world experiences of our engineers and investigators, our research reveals the most commonly exploited vulnerabilities, the most commonly leveraged network misconfigurations, and the most effective methods we've found to compromise high-value credentials—all to determine countermeasures you can take to best detect and prevent the truly sinister folks from breaching your network. 

Download the report now, then get even more insight on our findings:

Interesting. So what?

Good question. Join our webcast to find out what these findings mean for your organization.

Register Now

Under the Hoodie Webcast: Watch it Now On-Demand

Join the researchers as they dive deeper into the findings and reveal what you can do to better secure your environment. 



Under the Hoodie Videos: True Stories from Rapid7 Pen Testers

Each year, Rapid7 pen testers complete more than 1,000 assessments. We've collected just a few stories to give you some true insight into what goes on beneath the hoodie.

The Bank Job

This real-life story of social engineering owes its success to holes—some figurative, and some big enough to walk through. Find out how our makeshift MacGyver bypassed a bank’s security checkpoints to make a devious deposit that helped him hack from the parking lot.

The Bank JobRemote ControlOne Man’s Junk Is Another Man’s TreasureYou Had Me Before HelloHack Thy NeighborPicked Off on the KickoffPwned You Twice


Penetration Testing Toolkit

A penetration test is often a key requirement for compliance and regulations. This toolkit provides an introduction to the core principles and best practices of penetration testing, and how it fits into a larger security program.

View now


Penetration Testing Services Brief

View now

Looking to simulate an attack on your network?