BOOK A DEMO

Internal Penetration Testing

An internal penetration test emulates the role of an attacker from inside the network. Our Security engineer will scan the network to identify potential host vulnerabilities. The engineer will also perform common and advanced internal network attacks, such as: LLMNR/NBT-NS poisoning and other man- in-the-middle attacks, token impersonation, kerberoasting, pass-the-hash, golden ticket, and more. The engineer will seek to gain access to hosts through lateral movement, compromise domain user and admin accounts, and exfiltrate sensitive data.

How We Do It

Our Methodology

All testing performed is based on the NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide (v5), and customized testing frameworks.

Kick-Off-Meeting

Customer goals are gathered and rules of engagement obtained.

Discovery

We proceed to perform scanning and enumeration to identify potential vulnerabilities, weak areas, and exploits

Vulnerability Analysis

Perform Automated and manual vulnerability discovery and correlate findings with threat intelligence.

Exploitation/Attack

Confirm potential vulnerabilities through exploitation and perform additional discovery upon new access.

Remediation Validation

We re-test vulnerabilities after fixes to validate security improvements and provide confirmation of closure

Reporting

Document all found vulnerabilities and exploits, failed attempts, and company strengths and weaknesses.

Thorough Testing

Activities performed during internal penetration testing include, but are not limited to:

Vulnerability scanning and service enumeration

Password and pass-the-hash attacks

Shared resource enumeration

Pivoting attacks

Ticket attacks, such as silver tickets and golden tickets

Man-in-the-middle attacks (LLMNR/NBT-NS poisoning, SMB relaying, LDAP relaying, IPv6 relaying, etc.)

Hash cracking

Kerberoasting attacks

Other testing depending on specific customer content and footprint

See What We Can Do For You

Download a sample penetration test report to see the results we can deliver for your organization. 

DOWNLOAD

Cyber Threats Don’t Sleep. Neither Do We. Get Protected Now!

Talk To An Expert: +267 - 74657500

Ready to Get Started?

See How We Can Secure Your Assets

Let's talk about how cIG can solve your cybersecurity needs. Give us a call or submit your information below and our representative will be in touch to help you build a more resilient security operation today.

Call Us On: +267 - 74657500 | Email: info@cyberintrustionguard.com