Internal penetration testing is designed to replicate the risks associated with the attack after they have penetrated the defenses put-forth for your network. At Teceze, we carry out thorough and laborious, end-to-end testing that helps us to identify any potential risks which prevent internal attacks.
Prior to testing, testers are expected to read the scope and fully understand it. Before they get to work, any of the systems that are ruled out of scope should be null routed or any access should be prohibited. It is common for meetings to take place before the testing commences and this is to give the client reassurance and to go through the works that will be undertaken. This ensures that the tests run smoothly and that all hosts remain untouched.
To identify any obvious attack vendors and services that are vulnerable. Further investigations are carried out as well as manual testing of all the identified issues and hosts that were identified in the previous steps. Our goal is to exploit one or more issues manually or through the use of an exploit framework such as Metasploit. If done manually, it will involve brute force, default passwords, or exploits that are not widely known.