Internal Penetration Testing

The internal penetration test simulates an attack performed from inside the security perimeter of an organization. It aims to assess the impact of an attack carried out by a malicious insider such as a disgruntled employee. The process is always tailored to the client’s needs, but it usually involves the identification of vulnerable instances and exfiltration of critical information to the business.

Network Execution Methodology

Penetration testers carry out the testing via remote VPN access to the target network segment, a device on-premises, or an instance deployed by the client. Our methodology for internal penetration testing services includes:

Reconnaissance:

• Sniffing and passive information gathering 

• Analysing traffic

Discovery:

• Port scanning 

• System fingerprinting 

• Network scanning/host discovery 

• Services enumeration Vulnerability

Analysis:

• Exploit research Exploitation 

• Manual vulnerability testing and verification of identified vulnerabilities 

• Firewall and intrusion detection/prevention system testing 

• Password spraying with common and weak passwords

Post-Exploitation:

• Local system enumeration 

• Network enumeration and pivoting 

• Sensitive data identification 

• Exfiltration

EN