In pentesting there are too many tools using tools.


Presented at BSidesPDX 2012 by

Like any profession, tools are necessary in our line of work. This talk is not bashing people for using tools. Instead, I am proposing that there is too much reliance on the output of tools in penetration testing, and that an understanding of the underlying technologies is more important than knowing the latest tool that came out with a fancy GUI.

This talk will be pretty short. I will focus on something simple: the output of a tool we all use, nmap. Nmap is great, do not get me wrong. But relying solely on nmap output to plan your next move is not the greatest idea. The reason I say this is that nmap interprets the results for you before you interpret its results. It places a layer of abstraction between you and the information you need to plan your next move.

I would like to suggest not relying on just the output of a scan. Instead, after you get an nmap scan, send the same type of packets using scapy and look at the header fields in the returned packets, or run tcpdump while the nmap scan runs and look at the packets that replied to your scan. I would like to propose that far too many pentesters rely on the unreliable output of tools rather than having a deep understanding of the protocols and systems they are testing.

I will give a short talk about the differences between tools and techniques, show some techniques to dig deeper, and sum it all up with a story from an assessment I was on when I came up with this talk idea.
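The technique the abstract describes, reading the reply packets yourself rather than nmap's one-word "open/closed" verdict, as an added example that is not code from the talk or from the speaker. It decodes the IPv4 and TCP headers of a SYN-probe reply (raw packet bytes, link layer stripped, as tcpdump -w or scapy's sniff() would hand you) using only the Python standard library, so it runs offline without root. Both sample packets are constructed here, not captured from any real host, and the initial-TTL guess is a heuristic assumed for illustration:

```python
"""Read the reply to a SYN probe yourself instead of trusting the scanner's summary.

Added example for this page, not code from the talk. Decodes IPv4+TCP header
fields with the standard library only. The sample packets at the bottom are
constructed, not captured from a real host.
"""
import socket
import struct

TCP_FLAG_NAMES = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH",
                  0x10: "ACK", 0x20: "URG", 0x40: "ECE", 0x80: "CWR"}


def build_packet(src, dst, sport, dport, flags, ttl, window, ip_id=0, df=True, options=b""):
    """Assemble a constructed IPv4+TCP packet for the samples (checksums zero; never sent)."""
    options += b"\x00" * (-len(options) % 4)            # pad TCP options to a 32-bit boundary
    data_offset_words = (20 + len(options)) // 4
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0,
                      (data_offset_words << 12) | flags, window, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), ip_id,
                     0x4000 if df else 0, ttl, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp


def parse_tcp_options(raw):
    """Walk the TCP options list; stop (do not guess) at EOL or a malformed length."""
    opts, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                                    # End of option list
            break
        if kind == 1:                                    # NOP padding
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            opts["malformed"] = True                     # bad length: record it, stop parsing
            break
        length, body = raw[i + 1], raw[i + 2:i + raw[i + 1]]
        if kind == 2 and len(body) == 2:
            opts["mss"] = struct.unpack("!H", body)[0]
        elif kind == 3 and len(body) == 1:
            opts["wscale"] = body[0]
        elif kind == 4:
            opts["sack_ok"] = True
        elif kind == 8 and len(body) == 8:
            opts["timestamp"] = struct.unpack("!II", body)
        else:
            opts.setdefault("other_kinds", []).append(kind)
        i += length
    return opts


def guess_initial_ttl(ttl):
    """Heuristic (assumption): stacks usually start at 64, 128 or 255, so the gap ~ hop count."""
    initial = next(t for t in (64, 128, 255) if t >= ttl)
    return initial, initial - ttl


def decode_reply(packet):
    """Return the header fields a scanner summarises away; raise on anything unparsable."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (vihl, _tos, total_len, ip_id, frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if vihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp = packet[(vihl & 0x0F) * 4:min(total_len, len(packet))]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _tcsum, _urg = struct.unpack("!HHIIHHHH", tcp[:20])
    data_off = (off_flags >> 12) * 4
    flag_bits = off_flags & 0xFF                         # NS bit (0x100) deliberately ignored
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "ttl": ttl, "ttl_guess": guess_initial_ttl(ttl),
        "ip_id": ip_id, "df": bool(frag & 0x4000),
        "sport": sport, "dport": dport,
        "flags": [name for bit, name in sorted(TCP_FLAG_NAMES.items()) if flag_bits & bit],
        "seq": seq, "ack": ack, "window": window,
        "options": parse_tcp_options(tcp[20:data_off]),
    }


def classify_probe_reply(packet):
    """The scanner-style verdict, now derived from fields you have looked at (None = no reply)."""
    if packet is None:
        return "filtered (no reply)"
    flags = set(decode_reply(packet)["flags"])
    if {"SYN", "ACK"} <= flags:
        return "open (SYN/ACK)"
    if "RST" in flags:
        return "closed (RST)"
    return "unexpected: " + "/".join(sorted(flags))


# Constructed samples (not real captures): a listening port answering SYN/ACK with
# MSS, SACK-permitted and window-scale options, and a closed port answering RST/ACK.
SYN_ACK_SAMPLE = build_packet("10.0.0.5", "10.0.0.9", 22, 40001, 0x12, ttl=64, window=29200,
                              options=b"\x02\x04\x05\xb4\x01\x01\x04\x02\x01\x03\x03\x07")
RST_SAMPLE = build_packet("10.0.0.5", "10.0.0.9", 23, 40002, 0x14, ttl=128, window=0, ip_id=0x1a2b)

if __name__ == "__main__":
    for pkt in (SYN_ACK_SAMPLE, RST_SAMPLE, None):
        print(classify_probe_reply(pkt), decode_reply(pkt) if pkt else "")
```

The point of the decoded dictionary is that "open" is only the last line of the story: the TTL, DF bit, IP ID, window size and option set of the reply are what tell you how far away the host is and what kind of stack answered, and they are exactly what a summarised scan report drops. Feed it real bytes by capturing with tcpdump during the scan, or by building the same SYN in scapy and passing the reply's raw bytes in.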