Social engineering penetration testing, in my opinion, is the most adrenaline-filled type of testing. Social engineering is the art of manipulating basic human psychology to find human vulnerabilities and get people to do things they may not otherwise do. During this form of penetration testing, you may be asked to do activities such as sending phishing emails, make vishing phone calls, or talk your way into secure facilities to determine what an attacker targeting their personnel could achieve. I have personally obtained domain admin access over the phone, talked my way into bank vaults and casino money cages, and talked my way into a Fortune 500 data center.

There are many types of social engineering attacks, which will be covered later on in this book. Most commonly, you'll be tasked with performing security auditing on systems and networks. In the next section, we will discuss network penetration testing.