Internal Penetration Test
Request a Quote for Penetration Test
Call Sales: +41 22 560 68 41
ImmuniWeb® by High-Tech Bridge

High-Tech Bridge Newsletter

Subscribe to our newsletter and receive some or all of our corporate news, invitations to security events or HTB Security Advisories – you choose what you want to receive.

Internal Penetration Testing

Internal penetration testing, also known as internal pentest, focuses on threats and risks surrounding internally connected systems, should them be related to an inside attacker or to a corporate computer which is remotely used by an external hacker to reach sensitive company's assets without facing its perimeter defenses.

The most demanded modules of internal penetration test include the following:

Internal penetration testing modules

Client-Side Applications Attack

Client–Side applications attacks combined with social engineering are very efficient and complex to detect. The module verifies resistance of the application layer (e-mail clients, browsers, office and PDF programs) within local user-machines to a large number of application attacks.

Trojan Horse Attack

Trojan horse remains one of the most used and successful attacks today. Attacker keeps full control over compromised machine, stays invisible and can do whatever he wants inside of the system. This module of internal penetration test will check your firewall and IDS/IPS capabilities to identify and block Trojan horses and backdoors, as well as local security of user-machines.

Malicious Employee Attack

This module simulates behavior of a malicious employee who has a privileged access to a number of local IT resources, or who is trying to escalate his privileges and access rights. Log-management systems, behavior-based IDS and IPS will be carefully tested, as well as user rights segregation and access-level control.

Social Engineering and Phishing

Naive or deceived employee can cause serious damage to your information system, by opening doors and granting unauthorized access to malicious persons. High-Tech Bridge experts will test psychological skills, respect of corporate security policy and procedures during the Social Engineering module of internal penetration testing.

Malicious or Unauthorized Content

Malicious or unauthorized content module tests if content filters of your information systems (email, web and others) are correctly blocking all the malicious or unauthorized content in conformity with corporate security policy and security best-practices.