Internal penetration tests imitate the role of an attacker already inside a network or information system. A consultant on our team will enumerate the environment to identify vulnerabilities that would allow the most common attack methods such as: LLMNR/NBT-NS poisoning, man in the middle attacks, token impersonation, kerberoasting, pass-the-hash, golden tickets and more. The consultant will also look for unique vulnerabilities in the environment that will allow them to gain access to hosts through lateral movement, compromise domain user and admin accounts and potentially exfiltrate sensitive data
All testing performed is based on the NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide (v4), and customized testing frameworks.
• Planning – Customer goals are gathered and rules of engagement obtained.
• Discovery – Perform scanning and enumeration to identify potential vulnerabilities, weak areas, and exploits.
• Attack – Confirm potential vulnerabilities through exploitation and perform additional discovery upon new access.
• Reporting – Document all found vulnerabilities and exploits, failed attempts, and company strengths and weaknesses.