Post-exploitation is an often overlooked aspect of penetration testing. In the past, many even considered the job to be complete the moment that shell access is gained on a remote target machine. Goal-oriented pentesting will require more than this. There must be a specific goal, such as accessing a critical database or obtaining key credentials that will allow an attacker to read private corporate e-mails, for the penetration test to be of value. Business owners and managers are concerned with protecting the confidentiality, integrity, and availability of their assets and data. Reporting that a random system was easily compromised means very little compared to providing tangible proof that an attacker could effortlessly ...