SERVICES
Internal Network
Penetration Testing
Internal network testing can help you understand
how an attacker would move through your internal network
should they breach your external defences. This type of
testing will help to harden your internal systems and limit
the impact that an attacker can cause when inside.
What is an Internal Network Penetration Test?
Your internal network is the non-public facing portion of your network. It is often overlooked as many businesses assume that the attacker will never breach the external perimeter. However, the attack surface is often so vast that it becomes very difficult to fully protect your network from a breach. A poorly secured internal network could lead to the theft of sensitive data, denial of service or active directory domain takeover.
As part of Internal Network Penetration Testing, we attempt to meet a number of objectives that we agree with you before the engagement, such as gaining access to a domain controller or a database storing sensitive information. We’ll document and prioritise any vulnerabilities found, and will include clear remediation steps that will help to better secure and protect your internal network.
Our internal network testing methodology is built upon the Penetration Testing Execution Standard (PTES) and the Open Source Security Testing Methodology Manual (OSSTMM). The vulnerabilities we look for vary depending on the technologies configured and the scope agreed with the client. Some of the typical activities undertaken include:
Findings are consolidated and prioritised in a report alongside clear remediation recommendations. The report is structured in a way that benefits stakeholders at all levels of technical understanding.
What Does Testing Involve?
Intercepting NTLM hashes using methods such as LLMNR Poisoning and IPv6 DNS spoofing
Active Directory lateral movement
Discovering any versions of software where an exploit may exist on the public domain
Using breached credentials to conduct credential stuffing, password spraying and brute-force attacks
Abusing misconfigurations to see if it could be used to an attacker’s advantage
Inspecting internal system policies
Testing firewall configurations
Why Predatech?
Qualified Security
Experts
Assessments undertaken by CREST Registered Penetration Testers.
Clear & Focused
Reporting
Findings reported in plain English and prioritised to help you focus on what really matters.
Competitive
Pricing
Competitive quotes tailored to your business with no hidden costs.
Remediation Support
& Validation
Complimentary remediation support and retesting to validate the effectiveness of any changes made.
Related Blogs
British Data Awards 2022 Update
Burp Suite for Web App Pentesting: Tool Showcase
Our Customer Promise
British Data Awards 2022 Update
Burp Suite for Web App Pentesting: Tool Showcase
Our Customer Promise
What is the OWASP Top 10?
Other
Services
Predatech offers a range of security testing services and products, from vulnerability assessments to penetration testing.
External Network Penetration Testing
Assess how resilient your external network perimeter is to a cyber attack and discover how to better secure it against attackers.
Internal Network Penetration Testing
Assess what actions an attacker could take if they were to breach your internal network and understand how to strengthen it against intruders.
Web Application
Penetration Testing
Assess the security of your web application to understand where vulnerabilities exist and how to remediate them to prevent exploitation.