When we lack the capability to understand our tools, we operate at the mercy of those that do. Penetration testers make excellent targets for bad actors, as the average tester’s awareness and understanding of the potential risks and vulnerabilities in their tools and processes is low, and the value of the information they gather and gain access to among their client base is very high. As demonstrated by Wesley’s DEF CON 21 talk on vulnerabilities in penetration testing devices, and last year’s compromise of WiFi Pineapple devices, the tools of offensive security professionals often represent a soft target. In this talk, operational security issues facing penetration testers will be discussed, including communication and data security (not just “bugs”), which impact both testers and clients. A classification system for illustrating the risks of various tools is presented, and vulnerabilities in specific hardware and software use cases are presented. Recommendations are made for improving penetration testing practices and training. This talk is intended to be valuable to penetration testers wanting to protect themselves and their clients, and for those who are interesting in profiling weaknesses of opposing forces that may use similar tools and techniques.