Internal pentest
An internal pentest is carried out on the client’s internal Information System.
The auditor goes on site, or operates through a remote access tool, in order to attack internal resources.
The goal is to simulate an attack by a malicious visitor or a compromised employee station in order to recover sensitive information and elevate its privileges on the Information System.
Different penetration testing scenarios exist
Malicious visitor
Connection to the internal network with the consultant’s PC, no account on the Information System.
Custom scenarios
Contact us for custom scenarios such as an Assumed Breach pentest.
Malicious employee
Connection to the internal network with company/consultant PC, employee account on the Information System.
Remote employee
Remote access (VPN) with company/consultant PC, employee account on the Information System.
Malicious provider
Access to the service provider’s information system in order to determine the customer’s capacity for compromise by rebounds.
Remote provider
In which cases to choose the internal intrusion test?
Test the security of the internal Information System against an attack from a malicious visitor, a malicious/compromised employee.
Check the impact of the compromise of an itinerant employee such as commercial, pre-sales, executive…
Discover the adventures of Jean le pentester on an internal intrusion test for a more colorful description.
Mission organization
An initiation meeting makes it possible to identify the needs and scope of the mission, as well as any constraints.
In the majority of cases, a legal mandate is not necessary for this type of service.
The consultant in charge of the mission can be reached at any time during its execution and informs the customer in the event of a critical discovery.
Penetration test results
The deliverables of the mission include a report as well as two optional restitutions.
The report includes a summary of the results as well as the details of the identified vulnerabilities and recommendations.
The technical restitution is an opportunity for the consultant to present his approach and his results in an interactive way, and to discuss with the client and his teams on the action plan. Managerial restitution makes it possible to address an executive audience.