Internal Penetration Testing

The internal penetration test simulates an attack performed from inside the security perimeter of an organization. It aims to assess the impact of an attack carried out by a malicious insider such as a disgruntled employee. The process is always tailored to the client’s needs, but it usually involves the identification of vulnerable instances and the exfiltration of business-critical information.

Network Execution Methodology

Penetration testers carry out the testing via remote VPN access to the target network segment, a device on-premises, or an instance deployed by the client. Our methodology for internal penetration testing services includes:

Reconnaissance:

• Sniffing and passive information gathering 

• Analysing traffic

Discovery:

• Port scanning 

• System fingerprinting 

• Network scanning/host discovery 

• Services enumeration

Vulnerability Analysis:

• Exploit research

Exploitation:

• Manual vulnerability testing and verification of identified vulnerabilities 

• Firewall and intrusion detection/prevention system testing 

• Password spraying with common and weak passwords

Post-Exploitation:

• Local system enumeration 

• Network enumeration and pivoting 

• Sensitive data identification 

• Exfiltration
