CoNetrix

Internal Penetration Testing

CoNetrix Security's Internal Penetration Test (IPT) service is designed to replicate the perspective of an attacker that has already gained access to the organization's internal network. As such, testing will be performed remotely by connecting a system owned by CoNetrix (the "ToolBox") to the client's internal network.

Internal Penetration Test coverage includes automated and targeted testing mechanisms, such as:

  • Automated vulnerability scanning
  • Attempted exploitation of vulnerabilities identified during the automated scan
  • Identifying default and common credentials
  • Kerberos abuse attacks
  • Passive packet inspection
  • Looking for passwords in Active Directory Group
  • Policy preference files
  • Reviewing the permissions and relationships between Active Directory objects to identify weaknesses and potential privilege escalation paths

Exploitation

An IPT engagement consists of a combination of automated scanning and targeted exploitation techniques that illustrate the actions an attacker might take once gaining access to the network.

Targeted exploitation of vulnerabilities found during testing will be performed by a trained penetration tester.

We take an adversarial perspective to give you an understanding of an attacker looking to gain additional access, so you can discover what systems need additional controls put in place.

Internal vs. External Pen Test

How does this service differ from an External Penetration Test?

The primary difference between external and internal penetration tests is the attacker's perspective. External penetration tests replicate an attacker with the "outside, trying to get in" perspective. An internal penetration test assumes that the attacker has gained access to the internal network, so the attacker has an "inside, looking to gain additional access" perspective.

Learn more about our External Penetration Test services, or contact your account representative.

The CoNetrix Difference

Easy-to-read Reports

Each pen test engagement results in human-readable reports that present findings sorted by associated risk. Clients are also provided with a complimentary subscription to Tandem Security and Compliance Software® Audit Management Lite. Findings are populated in the software, facilitating the formal response process to any exceptions.

Skilled Experts

An in-house team of experts in exploitation-based testing helps maintain consistency and quality across engagements.

Relationship-Focused Testing

Our testing methodology is based on open communication, collaboration, and relationships. For annual engagements, you can call us during the balance of the year following your testing with questions about findings, IT regulatory exams, etc.

Custom Engagements

CoNetrix Security recognizes each company varies in size and complexity. Our pen testing options are designed to be modified to fit your needs.

Ask your account manager about packaging options to get the right testing engagement, frequency, and coverage for your company. Contact Us.

Ready to get started?

Request a Quote