Internal Penetration Testing

An internal penetration test simulates the actions of an attacker operating within the network. RCS experts scan the network to identify potential vulnerabilities within hosts. Our experts conduct both standard and sophisticated internal network attacks, such as LLMNR/NBT-NS poisoning, other man-in-the-middle attacks, token impersonation, kerberoasting, pass-the-hash, golden ticket attacks, AD CS attacks, and more. The objective is to gain access to hosts via lateral movement, compromise domain user and admin accounts, and access and exfiltrate sensitive data.

RCS Testing Methodology

All testing conducted at RCS follows the guidelines of the NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, the OWASP Testing Guide (v4), and incorporates customized testing frameworks.

Create an image suggesting a checklist.jpg

PLANNING

RCS works together with our customers to gather customers' goals for the assessment, and rules of engagement are obtained

generate an image depicting a vulnerability scanning and its report.jpg

DISCOVERY

Experts at RCS perform enumeration and scanning to discover vulnerabilities in customers' environment

create an image of someone performing social engineering .jpg

ATTACK

RCS team of experts leverages several attacks to confirm discovered vulnerabilities and perform further discovery upon gaining access to the system in the scope of assessment

REPORTING

A comprehensive report of all discoveries exploits leveraged in assessment, failed attempts, customer strengths and weaknesses, and actionable mitigation strategies