An Internal Penetration Test is an attempt to gain access to your IT systems from the perspective of either an attacker who has internal access or an employee with low access privileges. Often deemed low risk by management, internal security vulnerabilities can pose a substantial threat and need to be taken seriously.

When performing an Internal Penetration Test, Broken Cipher will attempt to escalate privileges and gain access to those systems or devices agreed to prior to testing. In order to confirm the situation we will have a number of targets such as retrieving:

Administrator passwords
Database passwords
System or server screenshots
Confidential emails
Confidential documents

An Internal Pentest follows the standard penetration test methodology. Information is gathered about the local network. Service and vulnerability scanning is carried out. Potential exploitation is determined and exploitation is attempted. Internal testing has a significant manual element due to the manner in which sensitive information can be identified.

The output of a Broken Cipher Internal Penetration Test is a report with a non-technical overview of the impacts and likelihood of the most serious security issues, coupled with technical details of the tests undertaken, more comprehensive descriptions of the individual issues, and recommendations for resolution.

We prefer to deliver this Internal Security Vulnerability Assessment report face to face to enable discussion and full comprehension of the risks identified. We also make our testers available for further meetings and discussions with those who are tasked with fixing any issues. Finally, we recommend a retest to ensure that fixes have been successfully applied.