Internal penetration testing is an audit that aims at performing tests inside the company or sometimes through a VPN. Most of the time, penetration testers go to the company’s buildings, bring their equipment and put themselves in the shoes of an internal attacker.

An internal penetration testing enables you to measure the risk for your internal network to be compromised. This involves detecting incorrect configurations, identifying internal vulnerabilities that can be exploited by an attacker and measuring the consequences on the internal network if a machine were compromised.

I notably focus on exploitations based on:

  • Local phishing
  • Network sniffing
  • Network shares evaluation

Methodology

  • Reconnaissance
  • Fuzzing
  • Exploitation
  • Post-Exploitation
  • Lateral Movement