An internal network penetration test is an advanced infrastructure assessment that measures how vulnerable a network is to insider attacks, or to an adversary who has already gained a foothold within the network and is looking to escalate their privileges. This type of penetration test helps to gauge what an attacker could achieve with initial access to a network. It is more detailed than an automated vulnerability scan, with the goal of acquiring access to sensitive assets located in the internal network. An internal penetration test involves privilege escalation, malware distribution, MiTM attacks, lateral movement, sensitive data exfiltration, and other harmful activities.
At the very least, the following steps are involved:
- Host Discovery
- Assessment
- Exploitation
- Privilege Escalation
- Post Exploitation
- Lateral Movement
- Persistence
- Data Exfiltration