Internal Penetration Testing Services

Our Internal Penetration Testing Services are Used for Insider Threat Testing

Don't hesitate - hire Blue Goat today! They discovered a major vulnerability with our domain controller and a Tomcat server that allowed them to easily and quickly get domain admin on our environment! We are glad they found this before a real black hat did.

Misti Boyd

COO

Steps to Schedule Your Internal Penetration Test:

1. Schedule a 30-minute Discovery Session

2. We determine IF and HOW we can help

3. We provide a Tailored Proposal

4. Together, we review the Proposal

As ethical (white hat) hackers, we emulate an attacker by utilizing similar techniques to perform reconnaissance, identify vulnerabilities, and break into your systems. Unlike an attacker, however, we stop our test before exposing sensitive data or doing harm to your environment. With an Internal Penetration Test, we have “user” level knowledge about and access to a system. An Internal Penetration Test is typically used when you want to test an insider threat to determine what damage a user (non-administrator) could do to your environment.

An Internal Penetration Test is commonly used to test Insider Threat. The insider could be malicious or innocent (a user that was phished or compromised).

With use user-level access to an Enterprise Windows Domain for the Insider Threat scenario. We use this authenticated, user-level access to validate and test user rights, permissions, and access. A user should only be provided what is required for them to perform their job. Many organizations do not fully understand or have documented all the access a “user” may have. For example, we have found organizations where a standard user-level account could access the network shares of everyone in the company, including the CEO. This was due to improper permissions on network shares. This is not an uncommon scenario.

INTERNAL PENETRATION TESTING METHODOLOGY

We follow a seven phase methodology designed to maximize our efficiency, minimize risk, and provide complete and accurate results. The overarching seven phases of the methodology are:

Planning and Preparation
Reconnaissance / Discovery
Vulnerability Enumeration / Analysis
Initial Exploitation
Expanding Foothold / Deeper Penetration
Cleanup
Report Generation

BENEFITS / RETURN ON INVESTMENT (ROI)

We think it is better to have an ethical hacker find the holes into your enterprise than an adversary or insider. Our Penetration Testing provides details on exploitable vulnerabilities in a prioritized, tangible manner. Our report allows you to better understand what your environment looks like from an attacker perspective. This helps you prioritize efforts to mitigate risk to reduce breach likelihood or damage.

Our Internal Penetration Testing services help you meet compliance audit requirements such as HIPAA, SOC 2, PCI DSS, and FISMA.

DELIVERABLE

The Internal Penetration Test Report includes IP addresses tested, vulnerabilities discovered, steps taken during the assessment, exploitable areas discovered, and prioritized recommendations. For any systems we are able to exploit, an “Attack Narrative” section is used to discuss step-by-step the process we used to gain access, escalate privileges, etc.

Our purpose is simple — to make your organization secure

The number of cybersecurity incidents continues to climb. The variety of attacks continues to grow. It is no longer a question of if you will have a cyber event.