In some examples, a system receives information traffic communicated over a network by or with a system under test (SUT), and analyzes the information traffic to identify a potential attack point in the SUT and a technology used by the SUT. The system determines a collection of penetration tests for testing a stack comprising a plurality of layers associated with the SUT based on the identified potential attack point and the identified technology, and further based on a dynamic knowledge base that includes information relating to vulnerabilities and threats.