One Step Further:
Assume compromise…if a remote employee’s endpoint gets taken over by a malicious actor, this can lead to quicker and deeper compromise than an external attack due to all business perimeter defenses already being bypassed. This assessment examines internal IT systems for any weakness that could be used to disrupt the confidentiality, availability or integrity of the company internal network. The results of an internal penetration test typically demonstrate what information or other assets might be exposed to an unauthorised user who has assumed network level access to your corporate IT environment.
What SEC Consult Experts Will Do:
- Examine your corporate network for various common vulnerabilities, issues stemming from unpatched systems to misconfigurations such as default credentials and unintended exposed services. If password hashes are obtained, a password cracking attempt is made.
- Test from the perspective of both an authenticated and non-authenticated user to assess potential exploits against identified systems/services.
- Identify misconfigurations that would allow internal users to access unauthorised sensitive information and inadvertently leak it online. Data exfiltration will be simulated to demonstrate the impact of an internal breach.
- Review of network architecture and segmentation.