Internal Infrastructure Penetration Testing

An internal infrastructure penetration test identifies vulnerabilities that are exposed to anyone connected to your internal network infrastructure. This type of test identifies the potential impact that a rogue employee, contractor, guest, or malicious piece of software, virus, or malware could have in compromising internal hosts whilst connected to your internal network. An attacker on the inside may gain access to and/or steal confidential information, disrupt services, and/or modify the integrity of information such as financial transaction data.

Internal Infrastructure Penetration Test Methodology

Core Sentinel uses a comprehensive internal penetration testing methodology based upon the Open Source Security Testing Methodology Manual (OSSTMM), the National Institute of Standards and Technology Special Publication 800-115 (NIST 800-115), and our own independent research. An internal penetration test normally includes the following:

Initially, we connect to your internal network without a valid user account to check for insecure network configuration, insecure protocols, and insecure running services, followed by a vulnerability discovery phase.

We will attempt to exploit discovered vulnerabilities, escalate privileges, and gain access to sensitive data, as well as to other networks reachable from your corporate network.

A review of your workstation hardware and SOE configuration is performed in order to test for vulnerabilities in the operating system, browser, email, and other system software.

A password audit will be performed in order to identify weak passwords, and ineffective or unenforced password policies.

We provide a beautifully structured report which is easy to read at any level. It contains an executive summary, followed by the risk-ranked vulnerabilities that were discovered in order of priority, how we were able to exploit them, and the exact steps required to remediate in each instance.

What You Get

  1. Expert security consulting throughout the engagement, from end to end.
  2. A comprehensive report with an executive summary and a list of risk-ranked vulnerabilities in order of remediation priority, detailing exactly why they are a risk and how to fix them.
  3. A manual re-test of vulnerabilities after remediation work is complete to verify they are closed off.

The following flow chart illustrates our quality-controlled penetration testing process from the start to the end of the engagement: