INTERNAL NETWORK PENETRATION
TESTING

Let’s face it, the traditional “internet perimeter” is a thing of the past. Today, organizations host workloads in on-premise data centers, cloud service providers, SaaS solutions and more. This hybrid internal network makes adopting an “assumed breach” mindset more important than ever. Abricto Security conducts internal network penetration testing to measure the blast radius in the event a threat actor finds themselves in your internal network.

Purpose

Abricto Security’s consultants leverage cutting-edge tools, tactics and procedures to assess the resilience of your internal network against modern day threats. We meet with you and your team to understand your organization’s unique risk appetite. Then, we tailor our approach when conducting our assessment to emulate risk scenarios and validate defensive controls. While testing your network, our consultants publish findings in the Abricto Client Portal, giving you real-time visibility to the vulnerabilities uncovered.

Internal Network Areas of Focus

  • IPv6 exploit vectors
  • LLMNR and NBTS poisoning
  • ARP poisoning
  • NetNTLMv2 relay attacks
  • Kerberos exploitation
  • Unpatched service-specific exploits
  • Living off the land
  • Password strength
  • Privileged identity management
  • Server hardening
  • Security operations center visibility

Deliverables

  • Comprehensive security findings report detailing systems targeted, vulnerabilities identified, exploit walk-throughs and remediation guidance
  • Executive debrief to quantify business risk
  • Technical debrief to discuss exploit scenarios, remediation recommendations and next steps
  • Testing artifacts to replicate findings and test efficacy of remediations

Abricto Security conducts over 100 internal network penetration tests per year; these assessments are a core competency for us. Internal network penetration testing validates defensive controls are functioning as expected and that detective controls and processes are effective. We provide PCI DSS, FISMA, HIPAA and SOC2 security checks to ensure your compliance needs are met.