In Chapter 6, “Impersonation,” we discussed using impersonation and pretexting in order to conduct our attacks. This gives us a better chance of moving about undetected, or at least unnoticed, but we may need to access more strongly secured areas in the facility. Even with the Zukin disguised as a network technician, we may still need to bypass a lock, clone a proximity card, or move through an area equipped with alarm sensors, all of which will need to be dealt with in turn.

We may alternately be entering an installation in a virtual sense, instead of a physical sense. When conducting network and system attacks, we want to look for a route that is less monitored and less secure, rather than being swept up with the rest ...