I’m no world-class hacker/penetration tester, but I’ve been able to break into any organization I’ve been (legally) hired to do so in an hour or less, except for one place that took me three hours. That was on my second engagement with the customer after it had implemented many of the protections I had recommended during my first visit.
Hackers and pen testers typically have areas of specialization. Some hack point-of-sale terminals, some hack web servers, some hack databases, and some specialize in social engineering. My own area has been focusing on computer security defense appliances—followed by hijacking elevated service/daemon accounts once I was in. This combination allowed me to break into about 75 percent of my targets. Sure, there were many other weaknesses, but this one was so prevalent I always went after it first.
Source: Infoworld.com | Security