An internal network penetration test is performed to help understand what an attacker could achieve with initial access to your internal network. This security assessment will can mirror insider threats, such as employees intentionally or unintentionally performing malicious actions. An internal infrastructure penetration tests assess components within your business that are present within the internal network. This is included but not limited to web servers, virtual servers, and physical servers on hardware. Endpoint devices (laptops, desktops and mobile phones) will be reviewed to ascertain the operating system versions, applications, user settings and policy controls.
Steps For Infrastructure Penetration Testing
Our experienced analysts will test the area(s) the client requires, using a combination of toolsets and techniques to identify vulnerabilities, information disclosure, misconfiguration, and various other attack vectors to compromise the host or network infrastructure. The analysts conduct high-level reconnaissance of all networking infrastructure and attempt to identify any critical infrastructure for the testing phase. All information identified throughout the reconnaissance stage is actioned, and the tester(s) conduct complete enumeration and, if required and approved, exploitation of target(s) to attempt to gain access to hosts, move laterally throughout the network and privilege escalate. The CYBX Team will employ the use of industry standard tools such as Nmap, Burp Suite, Nessus and techniques used by real-world hackers to evaluate your security and simulate a breach in a safe, controlled environment.
All infrastructure engagements are finalised with a report detailing findings scored on a Low, Medium, High, Critical or CVSS v3, depending on preference. The reporting phase will outline all identified vulnerabilities and the remediation actions necessary to fix security weaknesses.