Seen via carnal0wnage
Paper presented in BlackHat DC 2011 that describes the methods used in real data exfiltrations.
I agree with the comments. Companies tend to only accept a pentest focused only in some reduced systems and with small time frames instead of conducting a full scope exercise.
An attacker that really wants your secrets will use all the resources available to gain access to your network and will not care about time (keeping a foothold for many months).