Penetration Testing Dropboxes are dismissed by many clients and infosec pros because they require internal access to corporate network. The reality is that dropboxes are a very valuable tool because they can lower costs and gain efficiency testing. Penetration Testing Dropboxes fit perfectly with the Assume Breach approach; as pentesters can launch internal attacks to simulate an attacker with access to the network to uncover gaps in the corporate security posture from the start of the engagement, both red teams and blue teams win. This talk focuses on the different types of dropboxes, hardware additions, how to set up, and what attacks can be executed. Demos included.