A team of IT security professionals try to evaluate a system from an attacker’s perspective. The overall security posture of the system is assessed using similar tools and methods an adversary would use when formulating attacks.