Internal Infrastructure Testing

An attacker's ultimate goal is often to steal your crown jewels, the data that is most important to your business. In many organisations, this data resides on the 'internal' (typically Windows) office network. A common attack path is to breach an organisation's perimeter, take a position on the internal network and find a path to these crown jewels.

Get an instant Internal infrastructure quote

What is Internal Infrastructure Penetration Testing?

Internal Infrastructure penetration testing is ethical hacking of the internal Windows (usually) network infrastructure that belongs to an organisation. The objectives of this penetration testing service are:

  • Identify unpatched systems
  • Identify insecure systems and services
  • Take control of workstations or servers on the network
  • To compromise staff user accounts
  • Intercept encrypted passwords on the network and attempt to crack them
  • Attempt to brute force accounts for network services, such as databases or web services
  • To compromise privileged accounts such as domain administrators
  • Attempt to access sensitive or mission-critical information
  • Demonstrate it is possible to gain a foothold in the network and remain there
  • Eavesdrop on sensitive network communications

These are the exact actions a real-world attacker will carry out once they have gained initial access to your internal network.

A note on COVID-19: We are able to perform internal infrastructure remotely, without requiring a consultant to come to your premises. We will provide details of this during the booking process.

What are the benefits of Internal Infrastructure Penetration Testing?

When an attacker is targeting an organisation, their ultimate aim is to gain access to the internal network of that organisation. They will attempt to do so by attacking the perimeter of the business, or by using social engineering attacks such as phishing.

Once an attacker has an initial foothold in the internal network, they will typically attempt to find and compromise the organisation’s ‘crown jewels’; whatever data or assets you have that are most valuable to your organisation. Attackers do this by traversing across the network, compromising various accounts and machines, gradually gaining deeper and deeper access until they have reached their goal.

The purpose of an internal infrastructure pentest is to determine how well protected your network is against attackers in this initial ‘foothold’ position, and how easy or otherwise it is for them to navigate through the network and steal your crown jewels, or take control of your domain.

The benefit of this kind of test is that our testers will find these holes in your networks and systems, they will discover the paths to your crown jewels in a safe and controlled manner, so that you can fix the weaknesses before the bad guys find them.

What will we find in an Internal Infrastructure Penetration Test?

You will learn a lot from the results of one of our internal pentests. Here’s what we’ll give you:

  • A detailed narrative of how our testers combined vulnerabilities, navigated and compromised your network
  • Details on the main vulnerabilities we found in the network
  • Details on any weak passwords we cracked during the test
  • Details on all service misconfigurations
  • And most importantly, detailed information on how to fix what we found, to stop real-life attackers from breaching the network

Are you CREST Certified?

OnSecurity is a CREST (Council of Registered Ethical Security Testers) approved vendor. This means that all our test methodologies, processes, policies and procedures have been externally vetted by CREST to ensure we are operating to the highest standards possible in the pentesting industry.

On top of this the majority of our testers are CREST certified, meaning they have been through a CREST assault course (or CREST-recognised equivalent) to ensure they have the requisite skills needed to find and exploit vulnerabilities in a safe and controlled manner.

This external validation means you can be confident your pentests are being carried out to the highest standard, by vetted and tested consultants, who use a best-in-class manual-first approach to testing.

Crest Logo

Booking your Internal Infrastructure Penetration Test

Booking one of our penetration testing services couldn’t be simpler. There are no phone calls or emails needed, all it takes is for you to answer two quick questions and we’ll get you onto our industry-leading online platform.

From here, we’ll have the ability to provide you with an instant online quote for your required service.

We will begin your chosen penetration testing service on the date selected by you and begin reporting our findings as and when we discover them. There is no waiting around for weeks for these to come through, we’ll provide you with the information when we have it ourselves.

Get an Instant Internal Infrastructure Quote

Do you have a budget and want to know how much a specific pen test would cost? Try out our instant quote generator and get the ball rolling.

© 2024 ONSECURITY TECHNOLOGY LIMITED (company registered in England and Wales. Registered number: 14184026 Registered office: Runway East, 101 Victoria Street, Bristol, England, BS1 6PU). All rights reserved.