According to NIST SP 800-115, during a black hat test (or covert security test) the IT staff of the systems in scope are not informed about the tests (as opposed to a white hat test), but only upper management (or other relevant parties). This type of test is used for examining IT staff response to security incidents.