A method of carrying out a penetration testing campaign of a networked system by a penetration testing system comprising (A) a penetration testing software module installed on a remote computing device and (B) a reconnaissance agent software module (RASM) installed on at least some network nodes of the networked system. In embodiments, at least the following is performed at the remote computing device: a target network node of the networked system on which the RASM is installed is selected; based on the target network node, a potential vulnerability that may compromise the target network node is selected; internal data of the target network node is received; and a validation step is performed. The validation is (i) carried out in a manner which does not expose the target network node to a risk of being compromised and (ii) is based on the received internal data of the target network node.