Target Identification. • Local scans, use ARP. • Remote test, use common ports, be sneaky. • RDP (!), SSH known_hosts, netstat, DNS. • Tools. • Nmap - ARP. Penetration Testing is an agreed form of audit between two parties and should be bound in writing defining the scope and nature of what is to be audited.