Sony hacked, the IMF hacked, Citibank hacked. How the hell are they doing this stuff? A lot of these capabilities come with the pre-packaged pen test frameworks, like Metasploit, and “hacker” OSs like BackTrack.
One of my contacts sends me this interesting like to an InfoWorld article on these kits:
http://www.infoworld.com/d/security/penetration-testing-the-cheap-and-not-so-cheap-050
And of course registered users of this site can follow my series “Using BackTrack” by logging in.