Logo Loading

Internal Network Penetration Testing

Your internal network hosts all of your sensitive information and critical systems. If a compromise were to occur, an attacker may have access to all of your data. It is imperative to identify the potential vulnerabilities an attacker could exploit should they gain access to your internal systems.

The Triskele Labs CREST-registered Team have conducted internal network testing for clients across the world including Australia, New Zealand, Singapore and China. Commencing with nothing more than a network connection, our Penetration Testing team have been successful in gaining Domain Administrator credentials during Penetration Tests for banks, retailers, software development companies and many more.

Our Penetration Testing team does not just focus on utilising automated tools to identify common issues such as vulnerabilities and missing patches; however, conducts manual testing to mimic a real-world attack. Reach out today to discuss your project requirements.

Some of the fantastic clients we work with include:

What sets us apart from the others?

  • Re-testing is include in all of our engagements
  • We assign a dedicated Service Delivery Manage
  • Results are provided in real-time via our unique portal
  • Reports are guaranteed within 10 business days
  • Our team is fully CREST-registered
  • Daily start and end-of-day emails including a list of issues
  • You have access to our whole team throughout testing
  • Everyone in our team is Australia-based

What sets us apart from the others?

  • Re-testing is include in all of our engagements
  • We assign a dedicated Service Delivery Manage
  • Results are provided in real-time via our unique portal
  • Reports are guaranteed within 10 business days
  • Our team is fully CREST-registered
  • Daily start and end-of-day emails including a list of issues
  • You have access to our whole team throughout testing
  • Everyone in our team is Australia-based

Our Comprehensive Methodology

The target systems will be identified, either through discussions with our clients or utilizing tools to conduct asset discovery. This will include all subnets and systems. All findings will be confirmed with the client to ensure the full scope is covered.

Once all hosts have been confirmed, port-scanning will be conducted to identify open ports, running services and the Operating System. This will begin to identify potential entry points and the avenues for attack.

Vulnerability Scanning utilizing automated tools will be conducted to map the network and begin to identify potential vulnerabilities. Upon discovering vulnerabilities, the client IT team will be notified immediately.

The Ethical Hacking Team will conduct manual inspection of the identified issues to ensure they exist. This will include probing and further scanning of systems. Where issues are discovered, the Ethical Hacking Team will request approval to exploit identified issues.

Once approved, the Ethical Hacking Team will conduct exploitation of issues to reduce false positives. This will confirm weaknesses in systems and potentially provide the Ethical Hacking Team with unauthorized access to systems. Once exploited, the Ethical Hacking team will request authorization to access data such as usernames, passwords or data.

Upon gaining access and permission, the Ethical Hacking Team will attempt to extract sensitive data that can be utilised for reporting or gaining access to additional systems.

Once a foothold has been gained, there may be other systems that can be compromised. The Ethical Hacking Team will attempt to pivot through the network, gaining access to other systems and/or information to verify the levels of compromise.

Once testing has been completed, exploits identified and confirmed, the Penetration Testing team will conduct clean-up to remove testing artefacts and ensure they cannot be utilised by a malicious user.

Utilizing the results of testing, Triskele Labs will report on issues identified. False positives are reduced throughout the process. All of our reports are provided to our clients through our secure portal, My Files.

Our Testing Checklist Includes

  • User & application-aware firewall
  • Network Scanning
  • Port Scanning
  • System Fingerprinting
  • Services Probing
  • Exploit Research
  • Manual Vulnerability Testing
  • Manual Configuration Testing
  • Application Testing
  • Firewall & ACL Testing
  • Privilege Escalation
  • Password Strength Testing
  • Network Device Controls Testing
  • Database Security Testing
  • Third Party Security Testing

Request More Information