The testing aims to highlight vulnerabilities and misconfigurations of systems, which can lead to privilege escalation, theft of data, and even the ability to gain a persistent foothold within the network.
Although methods used will vary for each engagement, dependent on the services in use and the client’s appetite for risk, we follow a similar methodology in each project. Initially, our consultants run vulnerability scans to quickly highlight potential risks. They then manually investigate issues, which leads to the exploitation of vulnerabilities and the eventual compromise of the host or system where possible.
As part of the engagement, our consultants provide risk ratings for each vulnerability based on the ease of exploitation and the potential impact should the exploit be used. This helps you to prioritise your remediation efforts, and manage your risks accordingly.
Given that every environment is constructed slightly differently, all of our internal infrastructure penetration tests are tailored to your specific requirements.
Following the delivery of the report, we recommend a follow-up call to run through the findings and ensure that remediation advice is clear. This also allows your team to ask any further questions and clarify any areas of uncertainty.