Internal Network Pentests

Review methodologies for Internal Networks.

Our pentesters test your assets rigorously.

We use the penetration testing methodologies listed on the page, based in large part on the OSSTMM.

Special Pentester Needs

Our pentests of internal networks are all performed remotely. To support this access, our pentesters need:

Access to your internal network through a stable VPN.
A lightweight Linux server inside the network, used as a jump box.
- If you use AWS for your internal network, you can use this link to set up a virtual machine.
- You can also download a Kali VM Image.
- You’ll need to set up key-based SSH access for each pentester.

Internal Networks

The Cobalt team of pentesters can proceed with a minimum of information, such as the IP addresses in question. However, you can include the following details in the scope of your desired pentest:

Network diagrams
Infrastructure diagrams
Accounts (even temporary accounts for pentests)
User information

When you set up a pentest for an internal network asset in the UI, you’ll see the following in the Objectives text box:

Coverage of OSSTMM and SANS top 20 security controls.

Learn more about these objectives:

Open Source Security Testing Methodology Manual (OSSTMM) (PDF)
SANS Top 20 Security Controls CIS Controls v8

We follow an industry standard methodology primarily based on the OSSTMM standard for penetration testing.

Reconnaissance
- Corporate website
- Related websites, databases
- DNS
- Public records (such as WHOIS information)
Service Discovery
- Port scans on specific IP ranges
- Focus on public-facing services
- Follow-up with further tests
Vulnerability scans
- Test for penetration of the internal network
Manual assessment
- Public-facing services (Web, FTP, email, firewalls, routers, DNS, VPNs, and more)
- Access control systems such as Microsoft Active Directory
- Less secure email protocols (SMTP, POP3, IMAP)
- Printers
Report, triage, and retest

Internal network pentest flow

Additional Requirements

You’re welcome to define additional test objectives. If you follow best practices other than OWASP, ASVS, or OSSTMM, let us know. Include a link or other documentation. If it’s a “well-known” security practice, our pentesters probably already know them!

If you have special instructions for a pentest, add them later, under Special Instructions.

Was this page helpful?

Yes No Create an Issue

Last modified May.05.2023