Internal Penetration Test

Pentest from the Inside

binsec GmbH performs systematic internal penetration tests to identify and evaluate vulnerabilities in internal networks, servers and applications. Internal penetration tests view the IT environment from the perspective of an attacker with network access — for example after a successful phishing incident, compromised endpoints, or insider scenarios.

Below are the typical test phases and options we can combine or perform individually depending on the customer's requirements.

  • Black-box (no credentials): As a default, we first assess which attack surfaces exist inside the network when no credentials are available. This phase simulates an attacker who already has network access but does not possess privileged accounts.
  • Unprivileged user account (parallel or after): After (or in parallel with) a black-box test, it is often advisable to provide a regular, unprivileged employee account. Using this account we test typical user rights and restrictions and analyse whether and how lateral movement and privilege escalation can be achieved from a normal employee perspective.
  • Physical Security Assessment: On request we can first evaluate physical security — for example whether unauthorized entry into buildings or sensitive areas is possible. Physical weaknesses are often the enabler for further compromises.

The following components and systems are common targets — we tailor the exact selection according to scope and objectives.

  • Active Directory / Identity & Access Management
  • Internal services (SMB, RDP, FTP, databases)
  • Internal web applications and APIs
  • Network segmentation as well as firewall and ACL rules
  • Wireless infrastructure and IoT/OT devices
  • Lateral movement and escalation paths

binsec offers internal penetration tests both on-site and remotely. For remote engagements we use our PenPi (Pentesting Physical Interface) — compact, secure appliances that are placed once on site and thereafter operated over an encrypted VPN connection. This allows our testers to use their full tool set and capture network traffic without continuous physical presence.

Example Report

Our service in a nutshell:
Conducting Penetration Testing (Pentest)

Since 2013, our team of certified penetration testers has conducted pentests of IT infrastructures, web applications, mobile apps (iOS/Android) and other targets, always using a structured approach based on all relevant publications. As a service provider, we evaluate the identified and exploited vulnerabilities based on the associated business risk and compile the results into a report that contains a summary for IT management and the technical details of the vulnerabilities identified. After you fix the vulnerabilities, we usually perform a retest without any additional charge.

Contact us

Structured approach

Certifications: OSCP, OSCE, CRTO, BACPP

Identifying technical and business security risks

Risk-weighted vulnerability assessment or CVSS scoring

Report split into a management part and a technical part

Retesting included

Pentest Methodology

A pentest uses the same tools and techniques that real attackers would use to break into a system. It includes the use of security tools and manual tests to uncover vulnerabilities. It is therefore not an automatic vulnerability assessment. On the contrary, as a service provider for penetration testing, we use the same tools and techniques that real attackers would use to break into a system. But while a real attacker only needs to find and exploit one vulnerability, a penetration tester checks all relevant attack vectors.

A structured approach is one of the most important factors in achieving this and in providing a professional pentesting service. This is also important when performing an internal pentest. Our approach is based on all relevant standards and publications.

Offer for Internal Pentest

Pentests are always a compromise between effort and cost in order to arrive at a reasonable price. Successful pentests strike a good balance between these criteria so that all relevant attacks and attack vectors can be tested. The cost of such a test always depends on the time the penetration tester spends and on the extent and complexity of the IT system or web applications. While a penetration test for a small application takes only a few days, it can take several weeks for a large network or complex application.

To prepare a pentest offer, we require prior information about the systems and applications that are to be examined. It is important that we get an initial impression of the target. For web applications, for example, test access can be helpful. Any additional information, e.g. the framework used, can make it easier for us to draft a suitable offer for you. If you need us to pentest an IT system, we will need the corresponding network addresses in advance. In this particular case, we will first perform a non-invasive network scan to get a first look at your network. We will provide a detailed offer once we can estimate the effort required.

binsec GmbH is a German pentest company for professional penetration testing. Get in touch with us for your internal pentest offer - get your pentest today!


binsec GmbH for professional penetration testing: internal pentest

binsec GmbH is the German professional penetration testing company for your internal pentest. Get a pentest offer without the typical sales nonsense. Talk to experts instead of pre-sales consultants. Better pentesting. No nonsense. As a professional penetration test provider, we do some things differently from other pentest providers: we do not sell vulnerability scans as pentests, and we also focus on business security risks. Are you looking for a professionally conducted penetration test? Get the binsec team for your internal pentest!

Frequently Asked Questions

Of course. Please contact us for a pentest example report.

It is difficult to give a generalized answer to this question, since the toolset used depends on the respective test object. Of course, we use tools such as nmap to check IT infrastructures or Burp Suite Professional in the case of web applications.

However, we believe that publishing a tool list is mere window dressing, as each target system should be tested individually. You are welcome to ask us about the tools we used after the pentest.

If you fix the vulnerabilities within a reasonable amount of time, we would be glad to retest at no additional cost.

Hosting a critical business application on a cloud provider such as Amazon AWS, Microsoft Azure or Hetzner Cloud is becoming more and more common. Of course, we conduct penetration tests for applications that are operated in the cloud. This also applies to cloud infrastructure penetration tests as long as the virtual machines are not managed by the cloud provider itself.

There are three approaches based on the information a penetration tester gets before starting: Black-Box-Pentest, Grey-Box-Pentest and White-Box-Pentest. We always recommend going for grey box pentesting. It has the best cost-benefit ratio if you would like to have your complete attack surface tested.

Of course, we also offer Offensive Security and Red Teaming. Basically they are a subcategory of pentesting with a very strong focus on unstructured Ethical Hacking.

We can pentest any business, IT system, application or network, right down to protocol fuzzing. We only leave the analysis of hardware chips under the microscope to others. We test for example:

Company

binsec GmbH
Solmsstraße 41
60486 Frankfurt am Main
Germany

Legal notice

Director: Patrick Sauer
Authorised Officer: Florian Zavatzki, Dominik Sauer
Registration: Frankfurt am Main, HRB97277
Turnover Tax Identification No.: DE290966808

© 2025 All rights reserved by binsec GmbH.
