Infrastructure Penetration Testing

  • Highly trained and certified penetration testing team

  • Proven penetration testing methodology

  • Includes retest option to validate your fix actions

  • Clear & concise reports with prioritized, actionable items

Infrastructure Penetration Testing is a vital means of ensuring your organisation is protected in a real world scenario and should form part of your business's overall Cyber Security Strategy, ensuring network based security controls and security operations are operating effectively.

Our Infrastructure Penetration Test service replicates how a skilled and determined attacker will scour the network in search of vulnerable components (from the network to the application level).

The methodology used for infrastructure penetration testing is based around ensuring your IP-based network security assessment is performed in a structured and logical way.

An assessment does not just pass once over each part of the methodology but as information is gleaned from the network, it is re-iterated over and over again until all avenues of attack have been explored in the time available.

Depending on what level of assurance is required, we can report on major issues, as they are found or seek to exploit them to demonstrate the extent a vulnerability will open up your network allowing an attacker to gain a persistent foothold.

The risks of performing an exploit to your business will be explained prior to the exploitation to allow you to make a judgement call on whether the risk is justified.

For some compliance reasons, exploitation can be a requirement and we will be pleased to discuss if this is relevant to you.

Infrastructure Penetration Testing Overview

There are three main types of network penetration test:

External Infrastructure Penetration Testing: taking the view of an attacker on the Internet, targeting your business's Internet presence.

Internal Infrastructure Penetration Testing: taking the viewpoint of an attacker who has gained access to your internal corporate network or a malicious low privilege staff member already on your network. This could include a wireless assessment if wireless is used within the organisation.

Scenario Based: This is an alternate type of internal infrastructure penetration test, which can be performed instead that isolates a single point of entry and attempts to gain as much as possible from that entry point. More information on Scenario Based testing is below.

What is Covered?

Internal Infrastructure Penetration Testing

  • Host discovery

  • Port Scanning

  • Vulnerability scans with manual confirmation of findings

  • Web Services and application unauthenticated testing

  • Remote management interfaces

  • Database Services

  • Windows Networks, Domains and Forests

  • RPC Endpoint Services

  • Other Exposed Services Assessment

  • Wireless Assessment of one or more offices

  • Use of wireless security measures

  • Intra client wireless protection

  • Corporate separation with wireless networks

  • Guest and corporate wireless network segregation

External Infrastructure Penetration Testing

  • Open source data gathering

  • Host discovery

  • Port Scanning

  • Vulnerability Scans with manual confirmation of findings

  • Web Services and application unauthenticated testing

  • Remote management interfaces

  • Database Services

  • Mail Servers

  • VPN Endpoints

  • RPC Endpoint Services

  • Other Exposed Services Assessment

Scenario Based Testing

The above describes a breadth-first approach to infrastructure penetration testing designed to find as many vulnerabilities as possible.

The scenario based test is an alternate type of internal infrastructure penetration test, which can be performed instead that isolates a single point of entry and attempts to gain as much as possible from that entry point.

In this test, our consultants will engage with your team to discuss their security concerns. For example, 3rd party cleaners may have access to the company office at night and your business wants to know what unattended non-staff personnel could do if they connected to the corporate network.

This is considered a bespoke engagement where our security consultants will agree a starting point for the engagement (for example begin outside the office and utilising Wi-Fi to gain access to the corporate network) and the client will then provides a list of goals (flags). For example, to reveal the contents of a test file called 'test' on a restricted share or the contents of a test email sent between the CEO and CFO regarding a planned acquisition.

This type of assessment is usually time limited though the results tend to raise the case for stronger security measures within the organisation.

The infrastructure penetration test report will detail a short non-technical executive summary that will describe the security of the network as a whole. This summary will allow budget approvers to quickly understand the risk the network currently poses and have a handle on the impacts to budget, timescales and resources any remediation will take.

The report will also include full detail of each of the vulnerabilities found including a risk rating, an ease of attack rating, if applicable a CVE reference, the CVSS score and vector, and any supporting evidence.

Should a number of options exist for remediation, and the pros and cons of each will be explained. If applicable, any potential problems a fix may cause will be noted.

This format of results in the report will allow the organisation to decide on the best course of action to address the vulnerability and therefore reduce the attack surface of the business's network.

Penetration Test Report

The Penetration Test Report includes the URLs and IP addresses tested, reconnaissance (discovery) information, vulnerabilities discovered, steps taken during the assessment, exploitable areas, and prioritized recommendations. For any systems we are able to exploit, an Issue Detail section is used to discuss step-by-step the process we used to gain access, escalate privileges, etc.

Penetration Test Report Findings Review

We schedule either an in-person or online session with you where we walk through the report with your team and answer any questions about the findings, our methods, or the steps required for remediation. Many competitors deliver a confusing lengthy report at the end of the engagement for you to decipher. Our penetration test report review adds tremendous value because we can clarify findings and remediation steps.

Free Retest

How do you know the steps you took to fix our penetration test report findings actually worked? Validation removes the guesswork. When you're ready, after fixing the issues identified in the penetration test report, we offer a free re-test of those identified vulnerabilities. This is a crucial and often overlooked step in this process. Validating security controls, patches, and other fix actions is extremely important. We have discovered numerous organisations that thought they fixed a finding we identified, only to discover after a retest that the finding was still there.

Certificate of Attestation

The attestation letter serves as record of us performing the penetration test. It includes a summary of the findings. Its intent is for external use, outside of your organisation, to show proof that a security assessment was performed and to highlight test results.

Purchase Online

Infrastructure Network Penetration Test
from 1,600.00

Identify your network’s critical vulnerabilities before cyber criminals do. Our external network penetration test provides a complete solution for effectively testing your IT network infrastructure and making sure your organisation is genuinely secure against cyber threats.

Number of IP Addresses:
Add To Cart

Contact Us

Name *