Internal Penetration Testing
An internal penetration test emulates the role of an attacker from inside the network. A TCM Security engineer will scan the network to identify potential host vulnerabilities. The engineer will also perform common and advanced internal network attacks, such as: LLMNR/NBT-NS poisoning and other man- in-the-middle attacks, token impersonation, kerberoasting, pass-the-hash, golden ticket, and more. The engineer will seek to gain access to hosts through lateral movement, compromise domain user and admin accounts, and exfiltrate sensitive data.
Our Methodology
All testing performed is based on the NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide (v4), and customized testing frameworks.
Planning
Discovery
Attack
Reporting
Thorough Testing
Activities performed during internal penetration testing include, but are not limited to:
- Vulnerability scanning and service enumeration
- Password and pass-the-hash attacks
- Shared resource enumeration
- Pivoting attacks
- Ticket attacks, such as silver tickets and golden tickets
- Man-in-the-middle attacks (LLMNR/NBT-NS poisoning, SMB relaying, LDAP relaying, IPv6 relaying, etc.)
- Hash cracking
- Kerberoasting attacks
- Other testing depending on specific customer content and footprint
Thorough Testing
Activities performed during internal penetration testing include, but are not limited to:
- Vulnerability scanning and service enumeration
- Password and pass-the-hash attacks
- Shared resource enumeration
- Pivoting attacks
- Ticket attacks, such as silver tickets and golden tickets
- Man-in-the-middle attacks (LLMNR/NBT-NS poisoning, SMB relaying, LDAP relaying, IPv6 relaying, etc.)
- Hash cracking
- Kerberoasting attacks
- Other testing depending on specific customer content and footprint
Thorough Testing
Activities performed during internal penetration testing include, but are not limited to:
- Vulnerability scanning and service enumeration
- Password and pass-the-hash attacks
- Shared resource enumeration
- Pivoting attacks
- Ticket attacks, such as silver tickets and golden tickets
- Man-in-the-middle attacks (LLMNR/NBT-NS poisoning, SMB relaying, LDAP relaying, IPv6 relaying, etc.)
- Hash cracking
- Kerberoasting attacks
- Other testing depending on specific customer content and footprint
Proudly Trusted By:
Sample Pentest Report
See The Results We Can Deliver To You. No Email Required.
Penetration Testing - PCI Compliance - Auditing
See How We Can Secure Your Assets
Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.