Pivoting refers to method used by penetration testers that uses compromised system to attack other systems on the same network to avoid restrictions such as firewall configurations, which may prohibit direct access to all machines. For example, an attacker compromises a web server on a corporate network, the attacker can then use the compromised web server to attack other systems on the network. These types of attacks are often called multilayered attacks. Pivoting is also known as island hopping. White Box Method In penetration testing, white-box testing refers to a methodology where a white hat hacker has full knowledge of the system being attacked. The goal of a white-box penetration test is to simulate a malicious insider who has some knowledge and possibly basic credentials to the target system. Grey Box Method Gray-box testing is a combination of white-box testing and black-box testing. Aim of this testing is to search for the defects if any due to improper structure or improper usage of applications. In the context of the CEH this also means an internal test of company networks.