An internal network penetration test simulates an attacker who has gained access to the network by breaching the organisation’s technical or physical perimeter, or a malicious insider who has legitimate network access. The test will assess the difficulty with which an attacker can escalate their privileges, with a goal of proving access to sensitive and confidential data on the network.
The test is usually conducted from a black-box perspective, simply connecting our laptop to your network. The test starts with enumerating devices on the network, then attempts to exploit vulnerabilities in order to escalate privileges. We will also target your Windows Active Directory domain, using a variety of techniques to gain access to valid user accounts. Our ultimate goal is to gain access to a Domain Admin level account and use this to demonstrate the risk posed by an internal attacker.
Your wireless network can expose your internal connection to anyone within range, allowing an attacker to gain access to the internal network without being inside the building. Our testing assesses whether it is possible to breach the security of the network and gain unauthorised access, and whether it is possible to hop from the Guest network to the corporate network. We will also assess the security of the wireless infrastructure.