Internal Penetration Testing

Internal Penetration Testing

Imitates an insider threat and identifies how an attacker with internal access may compromise or damage the network, systems, or data.

An internal penetration test emulates the role of an attacker from inside the network. A TCM Security engineer will scan the network to identify potential host vulnerabilities. The engineer will also perform common and advanced internal network attacks, such as: LLMNR/NBT-NS poisoning and other man- in-the-middle attacks, token impersonation, kerberoasting, pass-the-hash, golden ticket, and more. The engineer will seek to gain access to hosts through lateral movement, compromise domain user and admin accounts, and exfiltrate sensitive data.

All testing performed is based on the NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide (v4), and customized testing frameworks.


Customer goals are gathered and rules of engagement obtained.


Perform scanning and enumeration to identify potential vulnerabilities, weak areas, and exploits.


Confirm potential vulnerabilities through exploitation and perform additional discovery upon new access.


Document all found vulnerabilities and exploits, failed attempts, and company strengths and weaknesses.

Small Business Cybersecurity

Thorough Testing

Activities performed during external penetration testing include, but are not limited to:

Vulnerability scanning and service enumeration

Password and pass-the-hash attacks

Shared resource enumeration

Pivoting attacks

Hash cracking

Kerberoasting attacks

Other testing depending on specific customer content and footprint

Get In Touch

Email: info@akdesignsph.com
MON-FRI 09:00 - 19:00, SAT-SUN 10:00 - 14:00
Scroll to Top