Internal pentest


 

A penetration test carried out on the client’s internal information system.

The auditor goes on site, or operates through a remote access tool, in order to attack internal resources.

The goal is to simulate an attack by a malicious visitor or a compromised employee station in order to recover sensitive information and elevate its privileges on the Information System.

    Vecteezy.com

    Different penetration testing scenarios exist

    Malicious visitor

    Connection to the internal network with the consultant’s PC, no account on the Information System.

    Custom scenarios

    Contact us for custom scenarios.

    Malicious employee

    Connection to the internal network with company/consultant PC, employee account on the Information System.

    Remote employee

    Remote access (VPN) with company/consultant PC, employee account on the Information System.

    Malicious provider

    Access to the service provider’s information system in order to determine the customer’s capacity for compromise by rebounds.

    Remote provider

    Remote access (VPN) with consultant PC, service provider account on the Information System.
     

    In which cases to choose the internal intrusion test?

    Test the security of the internal Information System against an attack from a malicious visitor, a malicious/compromised employee.

    Check the impact of the compromise of an itinerant employee such as commercial, pre-sales, executive…

    Discover the adventures of Jean le pentester on an internal intrusion test for a more colorful description.

    Mission organization

    An initiation meeting makes it possible to identify the needs and scope of the mission, as well as any constraints.

    In the majority of cases, a legal mandate is not necessary for this type of service.

    The consultant in charge of the mission can be reached at any time during its execution and informs the customer in the event of a critical discovery.

    g

    Penetration test results

    The deliverables of the mission include a report as well as two optional restitutions.

    The report includes a summary of the results as well as the details of the identified vulnerabilities and recommendations.

    The technical restitution is an opportunity for the consultant to present his approach and his results in an interactive way, and to discuss with the client and his teams on the action plan. Managerial restitution makes it possible to address an executive audience.

    Contact us