Gain Visibility Over Your Internal Threats

Cybra offers a full suite of internal penetration testing services in Australia.

What is an internal pentest?

An internal penetration test is the ethical hacking of an organisation’s internal network and systems to identify security risks.

Attackers can find their way into your internal network through phishing, website malware, external vulnerabilities and more.

Internal pentest pricing

The price for internal penetration testing varies depending on the size of the networks and how many systems an organisation has. Cybra will scope the engagement based on size and complexity.

Dangers of internal pentests

All penetration testing has a chance of adversely affecting systems, but this is very rare. All systems and networks should have adequate bandwidth and system resources before testing commences.

Benefits of internal pentests

The assessment identifies security gaps and vulnerabilities in internal networks and systems, so the customer can remediate them before they are exploited by a malicious actor.

What systems can be tested?

Any service hosted in a network environment that is isolated from the internet can be tested. Examples include network firewalls, switches, PCs, laptops, servers, printers, virtual machines, VoIP, IoT, SCADA, and VLANs.

Out of scope

Denial of Service (DoS) is strictly out of scope for internal penetration testing unless the customer requires it.

Approach

Internal penetration testing involves being connected to an organisation’s internal network. This can be in person or remotely over the internet using a secure remote connection.

Types of internal attacks

Internal pentests cover a range of cyber attacks, such as:

  1. Authentication attacks (brute force, password spraying)
  2. Authorisation bypasses
  3. Account takeovers
  4. Man-in-the-Middle attacks
  5. Windows/SMB/LDAP
  6. Active Directory attacks
  7. Vulnerability exploitation
  8. Privilege escalation / Pivoting


Authenticated testing

For the best outcome, it is recommended to use a test Active Directory account during the penetration test (assumed breach) so that the most valuable vulnerabilities can be identified.

Tools

Various open-source and commercial software and scripts are deployed during an internal penetration test.

Some examples are vulnerability scanners, port scanners, brute force tools, exploitation frameworks, and protocol analyzers.

Firewalls/WAFs

While firewalls and WAFs are effective at mitigating some risks, they can interfere with penetration testing results. For the best outcome, Cybra will request to be added to the allow-list of any such devices.

Detection / Monitoring

While not required, it is recommended to have some level of system and security monitoring in place during a penetration test as this allows the customer to observe how their systems react to a simulated hack, providing valuable insights for the security team.

What is a pentest report?

After a penetration test, the observations, findings, results and recommendations are presented in a professional report hand-written by our experienced consultants.

Who is the report for?

The penetration test report is written so that it can be read by executives and board members, managers and technical staff.

Compliance objectives

Penetration test reports can be used as supporting evidence for relevant compliance frameworks.

What’s in the report?

The penetration test report includes an executive summary, technical summary, technical findings, vulnerability details and recommendations on how to remediate all identified issues.

What format is the report in?

The penetration test report is securely delivered to you in PDF format.

The report is professionally laid out so that it is easy for the customer to navigate.

Retest reports

Cybra offers an optional service to retest any vulnerabilities identified after you have had a chance to fix the issues. This is known as a retest, and an updated report is provided to you showing all remediated and non-remediated issues.
