Infrastructure Penetration Testing

Typically focused on the disgruntled employee, or in support of other activities such as internal technical compliance, this type of penetration testing focuses on obtaining privileged access to internal systems or information.

Generally, the team will start with a connection to the internal network, a low-privileged user account, and a typical workstation provided by the client. Depending on the scenario, the team may also have the ability to use a dedicated suite of tools to more rapidly assess the internal network, and may be provided with a limited amount of privileged information, such as a network diagram.

The team will typically work through the following phases, and depending on their progress, may repeat stages several times to ensure the best possible coverage can be obtained in the time allowed: