Internal Infrastructure Testing

It is very common for organisations having a secure external infrastructure but they overlook for organisation's internal infrastructure security. However, according to facts more attacks originate from within the company and tend to be a lot more expensive than external attacks. We can help you to prevent unauthorised accesss to your internal systems and resources from internal or even external intruders that were able to copromise the external infrastructure.

The Interal Infrastructure Testing Methodology is divided into three distinct phases; Profiling, Assessment and Exploitation.

Profiling Phase

Information Gathering (Reconnaissance) techniques such as Enumeration, Footprinting, Fingerprinting and DNS/SMTP Reconnaissance will be performed to gather as much information as possible about the customer’s corporate network.

Specifically, the following techniques will be used to find and assess any security-related information:-

Information Gathering (Reconnaissance)

Port Scanning (TCP/UDP)

Common Protocol Queries (SNMP/SMB/IKE/LDAP/DB)

Ping Sweeps (TCP/ICMP)

OS & Service Fingerprinting

Traceroutes (TCP/UDP/ICMP)

Active Directory User Enumeration

DNS Lookups & Zonetransfers (Forward/Reverse/Bruteforce)

Passive Sniffing


Using the above Information gathering techniques we will be able to profile customer’s network as described below:-

Network Infrastructure

Social Infrastructure

Host names – Including Domains, Subdomains, Virtual Hosts


Servers – Identifying any Server running within the network infrastructure (Such as Name, Email, Web, File, Database, Domain Servers)

IP Addresses – All IP Addresses/Network blocks related to Customer’s Network


Network Devices – Including Firewalls(IDS/IPS/WAF), Routers, Switches, VPNs


Interior Routing – Identifying interior routing protocols



Assessment Phase

Both automated and manual vulnerability assessment will be performed - based on the information found from the Profiling Phase - against the customer’s internal infrastructure to ensure that all known and unknown vulnerabilities will be identified.

Specifically, the following vulnerability assessment techniques will be used:-

Vulnerability Assessment

Automated Assessment – Vulnerability Scanners will be used to identify potential risks.

Information Leakages – Applications can unintentionally leak information about their configuration or internal workings (E.g. Banners exposing version details / Error messages reveal SQL syntax etc.).


Input Validation – An assessment for input validation will be performed to identify application and services that fail to fully validate the input they receive from users (E.g. Buffer Overflows, SQL Injections etc.).

Misconfigurations – Misconfigured security settings, particularly insecure default settings, are usually easily exploitable.


Lack of Patching – Identifying the out-of-date systems and services.

Insecure Protocols – Identifying protocols which allow authentication credentials to travel in clear-text format and are vulnerable to sniffing attacks.

Exploitation Phase

At the exploitation stage we will try to exploit and validate the existence of the identified vulnerabilities. Both online and offline password cracking techniques (e.g. Guessing, Dictionary, Hybrid, Brute-force) will be performed against password hashes (e.g. LM/NTLM) and/or authentication points found from previous steps of testing. In case of successful exploitation we will try to escalate privileges within applications, hosts and networks.