INTERNAL PENETRATION TESTING

Know your unknowns: assess and quantify internal infrastructure security vulnerabilities, and prepare a risk mitigation approach that reduces the attack surface and improves internal security posture, the most critical component of a corporate cyber security strategy.

What is an internal network penetration test?

An internal network penetration test simulates an insider attack on organisational applications, systems and data. This insider could be an employee, contractor or partner who has access to the network.

In other words, an internal pen testing exercise establishes the true picture of an organisation's risk posture. It helps CTOs/CISOs assess cultural practices around information storage, secure hardening, patch management, password analysis, Active Directory group policy, network equipment hardening and many more elements.

This is your assurance exercise to establish a secure and robust infrastructure for your organisation.


Internal penetration testing methodology

01. Initial Scoping & Objectives

Our network penetration testing experts work with you to define the assets in scope, covering primary security concerns and any regulatory requirements.

Assessments against specific targets are defined under ‘white box’, ‘black box’ or ‘grey box’ methodologies so that test cases are defined before the assessment starts.

02. Reconnaissance & Intelligence Gathering

The reconnaissance phase has a single objective: gathering and analysing information that is relevant to later stages.

Based on project scope, intelligence gathering is mostly infrastructure related (e.g., network layouts, domains, servers, infrastructure details) unless it is a red team engagement where personnel are in scope.

03. Active Scanning & Vulnerability Analysis

Using manual approaches and penetration testing tools, our cyber security experts identify security weaknesses and prepare an attack layout to target vulnerable systems. This includes identifying open ports and services, relevant network interfaces and web applications, and any vulnerabilities that could be exploited.

04. Lateral Movement & Exploitation

An initial foothold is gained by exploiting weaknesses identified in the previous phase. Privilege escalation attempts and lateral movement actions are carried out to infiltrate and gain access into the network(s). Further vulnerabilities are exploited in a safe manner to measure the extent of exploitation, leading up to domain administrator account compromise.

05. Data Analysis & Reporting

This includes analysis of the test output and evaluation of the risk impact and attack likelihood before providing action plans to remediate the identified risks.

All our reports address business as well as technical audiences with supporting raw data, including mitigation measures at strategic and tactical levels to help the customer security teams.

06. Debrief & Support

Our engagement process includes delivering a free-of-charge debrief to management and technical teams. This session involves helping to prepare a remediation plan based on the identified vulnerabilities and Q&A to ensure that customer contacts are up to date.

Cyphere provides a remediation consultancy where we define and execute the risk mitigation plan.

More than 'report and run' consultancy

Vulnerabilities discovered by our internal penetration test service

  • Active Directory vulnerabilities
  • Insecure logging & monitoring
  • Lack of patch management
  • Insecure encryption configuration
  • Lack of network segmentation
  • Insecure password controls
  • Privilege access management
  • Cleartext transmission of sensitive data

Frequently Asked Questions about Internal Pen Test

An internal network security test, the same as an internal penetration test, is aimed at the internal network from an insider attacker's perspective, i.e. an employee, contractor or partner.

External penetration testing is aimed only at internet-exposed devices and/or systems, simulating an unauthenticated threat actor on the internet. An external pen test measures the attack surface of your internet-facing assets and will never tell you the real story of your internal security culture.

Internal and external penetration checks should be performed once annually.

Internal penetration tests can be scoped based on the requirements. For instance, if an organisation has never opted for a network-wide assessment and is aiming to improve security, it makes business sense to assess the gaps for the entire estate and perform risk remediation to set internal benchmarks. If an organisation holds maturity in its security processes, targeted assignments are scoped, such as network segmentation or specific internal security testing projects.

A thorough internal pen test measures the information security culture at ground level. This includes password security (cracking & analysis), patching audit, group policy security, active directory design and architecture risks, insecure device and web application interfaces, encryption configuration, authentication, authorisation, secure information storage practices and network device hardening.

Penetration testing an internal environment involves considering threat scenarios based on the architecture and threats. For instance, a company’s internal layout could be segmented into corporate, staging and production environments. For a medium-size company, it may be all in one, and their production environment may be just a website hosted at a third-party site. Therefore, carrying out black-box penetration tests is justified in this scenario to assess the extent of an attack, and it would mimic a complete outsider in your environment.

For the insider attack simulation test, we will ask for standard staff privileges and start our assessment from there, looking for ways to compromise the underlying workstations/laptops and then infiltrate servers and domain controllers.

Where multiple physical sites and network segregations make remote testing a challenge, onsite assessment is preferred. With post-COVID-19 measures, we utilise a number of methods (SSL VPN, VM deployment or shipping hardware to the client site) to carry out remote penetration testing of internal networks.

Communication plays an important role during security assessments. We explicitly request a list of fragile components during proposal and project initiation meetings. Low-level attacks and Denial of Service attacks are explicitly deemed out of scope for all assessments. This assures the client that the methodology involves careful assessment in line with business assets and not a blind scanning approach.

Cyphere’s internal pen test reports are world-class deliverables containing raw data to support proof of concept and risk remediation measures.

Risk remediation is sometimes a complex process due to the specialist security skill-set needed for IT teams. As part of our aftercare support, we provide help in preparing remediation plans for all our customers.
Optionally, we provide remediation consultancy to ensure all agreed findings are mitigated in line with best network security practices.


Benefits of Internal Penetration Testing

A secure infrastructure provides safe, secure environment

Infrastructure Penetration Testing Methodology

In order to perform an infrastructure security assessment, it is important to understand the context of assets in scope for the engagement. Our proven approach to network security assessments is based on more than a decade of experience, industry practices and effective ways to exceed customer expectations. 

Cyphere’s pentesting engagement lifecycle methodology is broken down into five phases as demonstrated in the penetration testing methodology diagram. 

  1. Initial Scoping & Objectives Agreement
  2. Reconnaissance
  3. Scanning
  4. Exploitation
  5. Reporting 
  6. Remediation (Optional remediation consultancy to help mitigate risks identified during penetration testing)
Internal Pen Test Engagement Approach

Customer Business Insight

The very first step to internal pen testing remains our quest to gain insight into drivers, business, pain points and relevant nuances. As part of this process, our penetration testers understand the assets that are part of the scope.

Services Proposal

It is important to get to grips with reality; therefore, we always stress walkthroughs or technical documentation of the assets. After asset walkthroughs, a tailored proposal is designed to meet your business’ specific requirements.

Execution and Delivery

Cyphere’s approach to all work involves excellent communication before and during the execution phase. Customer communication medium and frequency are mutually agreed, and penetration testers make sure that relevant parties are kept updated throughout the engagement duration.

Data Analysis & Reporting

The execution phase is followed by the data analysis and reporting phase. Cyphere performs analysis on the testing output and evaluates the risk impact and likelihood of exploitation in realistic scenarios before providing action plans to remediate the identified risks. All our reports address business as well as technical audiences with supporting raw data, including mitigation measures at strategic and tactical levels.

Debrief & Support

As part of our engagement process, customers schedule a free-of-charge debrief with management and technical teams. This session covers the remediation plan and assessment Q&A to ensure that customer contacts are up to date, in language they understand.
