You might not know it based on the hype and marketing dedicated to APTs and vulnerabilities, but most criminals don’t need to target software or use fancy tactics to ruin a network and compromise sensitive data.

Josh Abraham, a practice manager for Praetorian, recently compiled a report on common attack vectors used during 100 pen test engagements at 75 different organizations between 2013 and 2016.

“We compiled this paper to detail the top internal attacks we used over the past three years that resulted in Praetorian achieving its objectives. Common objectives include achieving a sitewide compromise and/or access to sensitive information the client requested we gain access to.”