Intuition in Penetration Testing

  • Bojan Stahl

    Student thesis: Master's Thesis

    Abstract

    In an increasingly complex cybersecurity landscape, penetration testing plays a pivotal role in identifying vulnerabilities and safeguarding organizational infrastructures. While technical proficiency and structured methodologies are well-researched aspects of penetration testing, the role of intuition remains largely underexplored. This thesis investigates how intuition influences decision-making in penetration testing, with a focus on the exploration and assessment of organizational attack surfaces. A structured literature review was conducted to analyze existing definitions of attack surface, resulting in a categorized framework that reflects the multifaceted nature of modern digital infrastructures. Complementing this, eleven semi-structured interviews with professional penetration testers were performed to explore how intuitive cognition shapes their practical work. Thematic analysis revealed that intuition is not only a frequent companion to methodical testing but a vital tool. Factors such as professional experience, mentorship, and emotional resilience emerged as key contributors to the development of intuitive expertise. By integrating insights from cybersecurity, cognitive psychology, and decision-making theory, this thesis contributes a novel, interdisciplinary perspective on intuition in offensive security. The findings offer practical implications for training, team composition, and the broader understanding of expert performance in penetration testing.
    Date of Award: 2025
    Original language: English (American)
    Supervisor: Johannes Edler (Supervisor)

    Studyprogram

    • Information Security Management