Know your unknowns to assess, quantify the infrastructure vulnerabilities and prepare a risk mitigation approach meant to reduce attack surface.

Get In Touch

No salesy newsletters. View our privacy policy.

What is an internal network penetration test?

Internal network penetration test simulates an insider attack on organisational applications, systems and data. This insider could be an employee, contractor or partner who has access to the internal network.

“Internal” pen tests are also known as “Internal Infrastructure” or “Internal Network” penetration tests. This exercise in other terms establishes the true picture of an organisations’ risk posture. It helps CTOs/CISOs assess cultural practices around information storage, secure hardening, patch management, passwords analysis, active directory group policy, network equipment hardening and many more elements.

This is your assurance exercise to establish a secure and robust infrastructure for your organisation.

Internal network penetration testing

Internal pen test methodology

01. Initial Scoping & Objectives

Our network penetration testing experts work with you to define the assets in scope covering primary security concerns and any regulatory requirements. Specific assessments defined against certain targets are defined under ‘white box’, ‘black box’ or ‘grey box’ methodologies to define test cases before starting the assessment.

04. lateral movement & exploitation

Initial foothold is gained by exploiting weaknesses identified in the previous phase. Privilege escalation attempts and lateral movement actions are carried out to infiltrate into the internal network(s).  Further vulnerabilities are exploited in a safe manner to measure the extent of exploitation, leading up to domain administrator account compromise. 

02. reconnaissance & intelligence gathering

Reconnaissance phase works with the single objective – information gathering and analysis to provide relevant information for later stages. Based on project scope, intelligence gathering is mostly infrastructure related (e.g., network layouts, domains, servers, infrastructure details) unless it is a red team pentesting where personnel are in scope. 

05. data analysis & reporting

This includes analysis on the test output, evaluation of the risk impact and attack likelihood before providing action plans to remediate the identified risks. All our reports address business as well as the technical audience with supporting raw data, including mitigation measures at strategic and tactical levels.

03. active scanning & vulnerability analysis

Using manual approaches and penetration testing tools, our security experts identify security weaknesses and prepare an attack layout to target vulnerable systems. 

06. debrief & support

Our engagement process includes delivering a free of charge debrief to management and technical teams. This session involves help to prepare a remediation plan and Q&A to ensure that customer contacts are up to date. Cyphere also provide a remediation consultancy where we define and execute the risk mitigation plan.

More than 'report and run' consultancy

Vulnerabilities discovered by our internal penetration testing service

  • Active Directory vulnerabilities
  • Insecure logging & monitoring
  • Lack of patch management
  • Insecure encryption configuration
  • Lack of network segmentation
  • Cleartext transmission of sensitive data
  • Weak and default passwords
  • Privilege access management

Frequently Asked Questions about Internal Network Penetration Testing

An internal penetration test is aimed at internal network from an insider attacker perspective i.e. an employee, contractor or a partner. An external pen test is aimed at internet exposed devices and/or systems only simulating a threat actor on the internet (unauthenticated). 

Internal penetration tests can be scoped based on the requirements. For instance, if an organisation has never opted for network wide assessment and is aiming to improve security, it makes a business sense to assess the gaps and perform risk remediation to set internal benchmarks. If an organisation holds maturity in its security processes, targeted assignments are scoped such as network segmentation, specific internal security testing projects.

A thorough internal network penetration test measures the information security culture at ground level. This includes password cracking & analysis, patching audit, grou policy security, active directory design and architecture risks, encryption configuration, authentication, authorisation, information storage practices and network device hardening.

Where multiple physical sites and network segregations are a challenge remotely, onsite assessment is preferred. With post covid19 measures, we utilise a number of methods (SSL VPN, VM deployment or shipping hardware to client site) to carry out remote penetration testing of internal networks.

Communication plays an important role during security assessments. We explicitly request a list of fragile components during proposal and project initiation meetings. Low level attacks, Denial of Service attacks are explicitly deemed out of scope for all assessments.

Cyphere’s internal pen test reports are world class deliverables containing raw data to support proof of concept and risk remediation measures. 

Risk remediation is sometimes a complex process due to the specialist security skill-set needed for IT teams. As part of our aftercare support, we provide help in preparing remediation plan to all our customers.
Optionally, we provide remediation consultancy to ensure all agreed findings are mitigated in line with best network security practices.

Benefits of Internal Penetration Testing

A secure infrastructure provides safe, secure environment

Infrastructure Penetration Testing Methodology

In order to perform an infrastructure security assessment, it is important to understand the context of assets in scope for the engagement. Our proven approach to network security assessments is based on more than a decade of experience, industry practices and effective ways to exceed customer expectations. 

Cyphere’s pentesting engagement lifecycle methodology is broken down into five phases as demonstrated in the penetration testing methodology diagram. 

  1. Initial Scoping & Objectives Agreement
  2. Reconnaissance
  3. Scanning
  4. Exploitation
  5. Reporting 
  6. Remediation (Optional remediation consultancy to help mitigate risks identified during penetration testing)
Penetration Testing Lifecycle

Infrastructure Pen Test Approach

Customer Business Insight

The very first step remains our quest to gain insight into drivers, business, pain points and relevant nuances. As part of this process, we understand the assets that are part of the scope.

Services Proposal

It is important to gain grips with the reality, therefore, we always stress on walkthroughs or technical documentation of the assets. After asset walkthroughs, a tailored proposal is designed to meet your business’ specific requirements.

Execution and Delivery

Cyphere’s approach to all work involves excellent communication before and during the execution phase. Customer communication medium and frequency are mutually agreed, and relevant parties are kept updated throughout the engagement duration.

Data Analysis & Reporting

Execution phase is followed by data analysis and reporting phase. Cyphere performs analysis on the testing output, evaluates the risk impact and likelihood of exploitation in realistic scenarios before providing action plans to remediate the identified risks. All our reports address business as well as the technical audience with supporting raw data, including mitigation measures at strategic and tactical levels

Debrief & Support

As part of our engagement process, customers schedule a free of charge debrief with management and technical teams. This session involves remediation plan, assessment QA to ensure that customer contacts are up to date in the language they understand.

Recent Blog Entries

3 Principles of Information Security (Threats & Policies)

Read about 3 principles of information security and difference between information and cyber security. Further details include basics around security policies and their importance.

Top 7 API Security Risks (including prevention tips)

With APIs meteoric rise, most of our important data is consumed by API endpoints. It is important to ensure security is not an after thought. Read about top API security risks, attack examples and prevention measures.

Brexit and Data Protection | UK GDPR Law

Explaining the differences between DPA vs GDPR, for those wondering the differences between DPA and the newest GDPR legislation.

Top 6 Healthcare Cyber Security Threats and Best Practices (2021)

Healthcare troubles have worsened in 2020, facing two-pronged attack – Pandemic and Cyber Threats. Read our article detailing cyber security threats and best practices to follow in the healthcare sector in 2021. Discover more.

Facts About Computer Viruses & Malware (including 6 Virus Myths)

Read about interesting fun facts about computer viruses, their history and types. A fun read to beat your post lunch blues.

eCommerce Security : Cyber Threats & Best Practices (2021)

eCommerce platforms such as BigCommerce, Magento, Shopify are an attractive target for attackers. Learn what are the cyber threats facing eCommerce sector and best security practices to secure these businesses.

OWASP API Security Top 10 (With examples & fixes)

OWASP API Security Top 10 are the go to standard for API security. This article presents attacks, examples and how to prevent API security attacks. Discover more on

OWASP Top 10 Application Security Risks (With Examples & Recommendations)

OWASP Top 10 Web Application Security Risks are the go to benchmark against web application attacks. This article presents attacks, examples and how to prevent these web application attacks. Discover more on

Top 7 Office 365 Security Best Practices (includes Actionable Tips)

Office 365 security best practices with actionable tips to improve your organisations’ security posture. We highly believe that with products, it’s more important to get the best out of product features first before investing into high end consultancies or shopping new products. We hope this article offers a useful advice for your organisation.

Red Team vs Penetration Testing – Which one is the right choice for your business?

With cyber threats increasing at exponential rate, defensive techniques must evolve at the same rate. Red Team vs Penetration Testing – Which one is the right choice for your business? Both have pros and cons, but what’s best for your environment. Whether you should do it, when not to do it, benefits, costs and vendor selections.