internal penetration testing

What Is Internal Penetration Testing? | An Easy-to-Follow Guide

What Is Internal Penetration Testing?

Internal penetration testing simulates an attack on your organization that originates from within it. This type of penetration testing assumes that a malicious party somehow has access to your network. It could be a disgruntled employee or a skilled hacker using a variety of techniques to break in.

Why Internal Penetration Testing Is Important

Internal penetration testing reveals the vulnerabilities of your internal systems and what damage an in-house attack can cause. It enables you to protect yourself against insider threats proactively.

Many organizations tend to focus on threats from outside sources; however, an internal attack can be just as likely, if not more. In fact, sixty percent of organizations have faced an insider threat in the past year.

How Does Internal Penetration Testing Work?

Penetration testing, no matter the type, typically follows a standard procedure (reconnaissance → attack → report). However, the tactics within those steps vary from test to test.


A tester’s first move in the process is to perform reconnaissance. (S)he works to map out as much of your organization’s network as possible using a variety of techniques from within the system.

Passively, the tester implements network sniffers, like Wireshark, to monitor and collect network traffic. (S)he then analyzes that information to discover hosts, protocols, ports, services, and other attack vectors.

A more active technique, the tester also sends traffic to your organization’s network with specialized scanners. The purpose of this activity is to find network properties such as users, domains, versions, operating systems, and other relevant information.

Once the tester successfully maps out your network, (s)he scans it for vulnerabilities. Fortunately (or unfortunately, depending on how you look at it), tools like Nessus and OpenVas automatically probe the network for those weaknesses.


After validating the vulnerabilities (s)he discovered in the reconnaissance stage, the tester simulates attacks to see the extent of damage that they would cause. Kali Linux, Core Impact, Canvas, Metasploit – these tools represent just a few of the devices a tester uses to exploit internal vulnerabilities.

During the internal penetration testing attack, the tester looks specifically for the following issues:

Screenshot 2019-10-28 15.28.00.png

Additionally, the pen tester may attempt to crack the password hashes (s)he collected during reconnaissance. Several pieces of information (dictionaries, rules, leaked credentials, password phrases) exist online that help with this process.

After gaining access through a cracked password or one of the vulnerabilities from the table above, the tester attempts to exploit the network further. Primarily, (s)he works to pivot through your system, gather additional credentials, and gain access to more resources. Some of the tasks include:

Screenshot 2019-10-28 16.14.41.png


The final, and most important, step of any internal penetration testing process is reporting. From the beginning of the reconnaissance to the end of the attack, the tester records every action (s)he takes.

Additionally, (s)he notes the vulnerabilities (s)he discovers, the level of damage they could cause, any relevant explanations, as well as recommendations on fixing them.

Is Internal Penetration Testing Right for Your Organization?

You now (hopefully) know a little bit more about internal penetration testing. And you’re probably wondering whether it’s right for your organization.

Any organization, large or small, public or private, can benefit from internal pen tests. Although they come with an up-front cost, the expenses are negligible in comparison to a security breach that you could have prevented by getting one. If you’re on the fence, schedule a free consultation today to see if internal penetration testing is right for you.

Leave a Reply

Your email address will not be published.