INTERNAL PENETRATION TESTING

The premise of an Internal Penetration Test is that of a rogue employee, an external attacker who has managed to get a foothold behind the border firewalls or a physical attacker who has gained access to the internal network either via wireless or a spare network socket

Once on site we will have a pre-test meeting to re-confirm the scope of the work to ensure everything runs smoothly and ensure no out of scope systems are tested.

Testing will start from a single connection to the network and with no prior knowledge of network layout or any authentication credentials for any device unless otherwise specified or provided.

The target ranges, either supplied or earlier enumerated will be scanned using a number of automated tools in order to identify potential targets of interest, including what software they are running and what services are exposed. Following this, a more thorough automated vulnerability assessment will be performed against all systems as time permits. If any hosts have been explicitly provided as key targets of interest then they will be tested first.

While automated scans are running, manual testing will be performed against the identified hosts, again starting with those explicitly provided. If vulnerabilities enabling access to a host are found, they may be exploited in order to gain access and conduct further tests against this or other related hosts. Unless explicitly scoped otherwise, the initial focus of testing will be to identify the most critical targets as an attacker would see them.

Staddon Internal Penetration testing

METHODS OF INTERNAL TEST

The methods used for each test will be different depending on the organisation, the network and the environment. From our experience, the issues identified during an internal test can usually be broken down into three categories:

Patching

Patching

Patching is a big issue and often boxes and applications are simply overlooked

Passwords

Passwords

Passwords are often weak and easily guessable and sometimes silly passwords are used

Policy

Policy

Build standards and internal policies are often weak

CLIENT TESTIMONIALS - VIEW ALL

"Staddon consulting have been GoCompare’s trusted partner for over six years. Their friendly and approachable manner has made it easy for us to develop a very good relationship with them. I know we can trust them to do an excellent job and they are extremely flexible. Donna goes above and beyond to make sure everything runs smoothly and that's one of the reasons we have stayed with them. I would highly recommend Donna and her team to anyone who needs help with their Cyber Security"
GoCompare logo
David Trouse
Data Protection Officer - GoCompare
"Donna at Staddon Consulting has been brilliant in our exercise of achieving PCI Level 1 compliance for our eCommerce platform, bluCommerce. We knew from the beginning that this would be a complex and challenging project both technically and operationally, and she expertly helped co-ordinate the key steps in gaining full PCI accreditation. The project as a result flowed extremely smoothly and we achieved our goal ahead of schedule!"
blubolt Logo
Chris Mattingly
co-founder & Director - blubolt
"I have been working with Staddon Consulting for the last 7 years, mostly on security solutions suitable for use in our medium sized business with around 150 staff. As a Housing Association and a registered charity we need to ensure we have effective solutions but also obtain very good value for money. Staddon Consulting have always been able to suggest a number of solutions, arrange demonstrations and help us to select solutions that meet our requirements as well as providing help and advice relating to the ongoing use of the solutions. I would happily recommend Staddon Consulting to anyone who needs help with their Cyber Security"
Two Rivers logo
James Osborne
Head of IT - Two Rivers Housing
"Hertsmere were looking for a way to tackle staff awareness about Phishing scams and approached Staddon Consulting, who we had previously worked with on our IT Health check over a number of years. They suggested a simulated phishing attack followed by a presentation to staff on security through the eyes of a hacker which was punchy, engaging and very well received. They are extremely approachable and always come up with the right solution to meet our needs. I would highly recommend Staddon Consulting without hesitation"
Hertsmere Logo
David Casling
Infrastructure and Technical Security Team Leader - Hertsmere Borough Council
"We have worked with Staddon Consulting for several years, where they have supported us with various security assessments. My team and I have always found them to be extremely flexible in their approach, easy to engage with and are viewed as a trusted and reliable security partner.
They have been able to offer several services from various accredited suppliers, enabling us to rotate suppliers in line with best practice, whilst maintaining a relationship with one Account Manager. We look forward to continuing to work with them in the future."
Aster Group Logo
Richard Strange
Director of Transformation-IT - Aster Group
"Staddon Consulting were brilliant from start to finish. We worked with them on a detailed security assessment of a business critical application and cannot fault the professionalism and service. The reports were extremely detailed and thorough, and the support and advice we received throughout the process was excellent. I would have no hesitation recommending Staddon Consulting"
The Independent Pharmacy Logo
Scott McDougall
Director - The Independent Pharmacy
"Staddon consulting help us source accredited PEN testing partners for our enterprise clients, their knowledge of the security industry helps us provide our clients with the testing solutions to fit their requirements. We look forward to using Staddon Consulting in the future as our preferred security partner"
Element Studio Logo
Phillip Davies
Director - Element Studio Ltd
"IMServ have used Staddon Consulting for over 4 years as a trusted supplier of various IT security services. We find them to be prompt, trustworthy, flexible and personable – but most importantly they take the time to understand our needs as a customer.
Having a single point of contact who uses this understanding to leverage the most appropriate products and services to support our business is a key differentiator for us."
IMServ Europe Logo
Morgan Rogers
IT Director - IMServ Europe
"4 Digital produce complex websites and online systems/portals that require extensive security tests. Staddon Consulting have been our go-to company for many years….we depend on Donna for the right advice and solutions and she always delivers! She’s our first port of call and I’d recommend you do the same."
4 Digital Ltd Logo
Andy Stanton
Managing Director - 4 Digital Ltd
"As a B2B cloud solution, Jazoodle understands that you cannot compromise the security of its systems. Staddon Consulting were recommended as we needed a full security audit prior to the launch of our solution. I have been very impressed both by the standard of work undertaken by Donna and her team, as well as their professionalism and sheer depth of knowledge. Their report and recommendations were very thorough and gave us the insight and knowledge that we acted upon to ensure our clients’ peace of mind. We will be using Staddon consulting as a matter of course for all future changes and periodic audits"
Jazoodle Logo
Andrew Paton-Smith
Chief Executive Officer - Jazoodle

For a detailed methodology or more information on Internal Penetration Testing

Contact us

About us

Penetration Testing

Consulting & Compliance

Solutions & Services