Internal Network Penetration Testing

Security Simplified conducts internal infrastructure penetration testing from an “unauthenticated internal” user perspective. The primary purpose of the assessment is to uncover network-layer vulnerabilities and misconfigurations that could result in the complete compromise of the organization’s internal network.

Security Simplified's approach aims to gain the highest level of access within the target network, i.e. domain or enterprise administrator. We perform the assessment with zero knowledge and no user credentials, as a real attacker would. For each attack path, exploitation and vulnerability-chaining techniques are used and demonstrated to gain the highest privileged access.

Our methodology and test cases are derived from the following standards:

  • Penetration Testing Execution Standard (PTES)
  • MITRE ATT&CK Framework
  • Open Source Security Testing Methodology Manual (OSSTMM)

Our Methodology

Active Reconnaissance from User LAN

Open Ports, Vulnerability Scanning, Out-of-Date Patches, Default Credentials

Understand Network Segmentation

Subnet, VLAN, Server Zone Identification

System Compromises via Weak Configuration

Steal User Password Hashes and Password Cracking

Exploit Known Vulnerabilities & Misconfigurations

Identify Escalation Vectors (Local System or User Privilege Related)

Privilege Escalation & Domain Takeover

Attack Foothold

Executive Summary

Finding, Risk & Recommendations

Reporting

  • Executive summary for the management
  • Vulnerability dashboard for the project team
  • Technical report for the development team
  • Detailed attack paths & chaining of vulnerabilities to gain persistent access
  • Vulnerability description, root cause, impact and remediation steps
  • Reporting and risk rating matrix based on PTES & OSSTMM standards

Copyright @2022 Security Simplified Limited