Internal Penetration Testing

An internal penetration test seeks to emulate the latest tactics, techniques and procedures (TTPs) used by malicious actors who manage to gain access to the organization’s internal perimeter. In this type of assessment a ByterArmor engineer will conduct a thorough scan of the network while attempting to identify potential vulnerabilities in the organization’s information assets. Subsequently, it will execute controlled attacks on the internal network, which will vary from common exploitation techniques to advanced attacks on the Active Directory infrastructure, with the main objective of gaining access to computers through lateral movement, compromise of privileged user credentials, security services. network, and information exfiltration. This approach allows us to evaluate the resistance and security of the organization’s internal infrastructure, identifying and strengthening possible weak points that could be exploited by malicious actors once they can penetrate the external perimeter.

Methodologies used

Our engineers rely on the most widely used international frameworks such as the NIST SP 800-115 Technical Guide for Information Security Testing and Evaluation, the Open Source Security Testing Methodology Manual (OSSTMM), and the OWASP Testing Guide (v4), as well as making use of custom testing frameworks.

Activities executed

– Vulnerability scanning and service enumeration.
– Password and pass-the-hash attacks
– Enumeration of shared resources
– Lateral movement
– Man-in-the-middle attacks (LLMNR/NBT-NS poisoning, SMB relay, LDAP relay, IPv6 relay, etc.)
– Authentication hash attacks
– Advanced attacks on Active Directory
– Attacks on database servers
– Attacks on Private Key Infrastructure entities
– Data exfiltration
– EDR Evasion
– Other tests depending on the internal infrastructure of the organization.

Complete our information request form!

Please enable JavaScript in your browser to complete this form.
Name
Services Needed
Interested

Stay ahead of the cybersecurity curve!

Sign up now to receive our newsletter and stay informed about the latest trends and insights. Don’t miss out on cybersecurity updates!Â

ByteArmor is a firm that focuses on maximizing the cybersecurity posture and improve the IT project management capabilities of your organization.

Linkedin Envelope
Services
Support
Get in Touch