During penetration testing, a significant amount of attention is (or should be) devoted to attacking the authentication process. In my experience testing networks and web applications I have noticed that it is common to be able to enumerate a system and obtain a list of users, which can then be used to launch password attacks and if successful can be used to gain access to a system. If the system happens to be a Windows network, then enumeration is easier and exploitation can be expanded by attacking flaws that exist within Active Directory/Kerberos and are not likely to be fixed.
Jake Miller is a penetration tester that mainly focuses on web applications but also enjoys hacking networks. I turn to Python and Powershell to solve most computer related problems. Outside of tech and security I like running, pool, and cards.