Penetrating testing

Two tools used in penetration testing

Penetrating testing refers to the practice undertaken by expert hackers to find the vulnerability in the system before they launch their attacks (Kim, 2018). It is a process that not only requires smart thinking, but it also demands some level of patience as well as a little luck. Penetration testing is a complicated process that can just be completed if professional hackers have got tools that facilitate the process. There are many tools, but I chose to discuss the CME as well as Luckystrike

  1. CME

It is also known as the CrackMapExce. It is a post-exploitation tool that helps in the process of assessing the security of the large directory networks (Denis, Zena & Hayajneh, 2016). anA hacker known as byt3b133d3r authored it. It is a tool that follows the approach of living off the land through the process of abusing built-in active directory protocols to realize its functionality that allows evading the endpoint protection solutions

  1. Luckystrike

It is generated from the curi0usJack. It is a generator of a malicious excel as well as the word documents. It has the strength to work with the standard commands, excels PowerShell scripts.

Values and two limitations of pen testing

Advantages of penetrating testing

  • It is important to realize that penetrating testing enables the organization to accurately estimate the ability to defend its networks, applications, and users from the external and internal attempts to dodge the security controls for the achievement of privileged access.
  • It protects the organization’s customer loyalty and image by avoiding data incidents that potentially puts the organization’s reputation at risk

Disadvantages of penetrating testing

  • They can cause a lot of damages to the organization especially if they are not conducted in the right way because it is a way of inviting someone to hack your system
  • The result can also be misleading if realistic without test conditions. Remember a genuine attack will come spontaneously without any warning in creative ways that are hard to plan and detect




Kim, P. (2018). The Hacker Playbook 3: Practical Guide To Penetration Testing. Independently published.

Denis, M., Zena, C., & Hayajneh, T. (2016, April). Penetration testing: Concepts, attack methods, and defense strategies. In 2016 IEEE Long Island Systems, Applications, and Technology Conference (LISAT) (pp. 1-6). IEEE.