Unfortunately there is limited information on techniques and processes businesses can use to test their own servers against realistic DDoS attacks. This presentation will give techniques and process for simulating a DDoS attack against a companies own servers or similar systems as part of a penetration test. We will discuss DoS attack types, setting up the bots, performing the attacks, and administering the bots themselves. This presentation is technical in nature. We will also be linking to tools that can be used to perform the DoS attacks (along with tools we've written), AMI instance and Virtual Machines designed specifically for this type of testing, and a simple console we developed to administer the bot herder and bots. The techniques discussed in this presentation have been tested during assessments in which the target organization has asked us to perform DDoS attacks as part of a penetration test or using information gained from packet captures during incident response assessments of DDoS attacks.