Internal networks are an integral part of many businesses, the infrastructure typically consists of internal servers, hosts, and domains. Internal networks are an attractive target for cyber criminals as, if they can gain a foothold, successful compromise of an internally facing server could result in a companies entire network and data being compromised.
Making use of internal network penetration testing services will help ensure a company’s infrastructure is free from common security vulnerabilities, which, if exploited by cybercriminals, would negatively impact companies both from a financial and reputational perspective.

Network Penetration Testing
What is an internal network penetration test?
An internal network penetration test is a security assessment of an organisation’s perimeter systems, with the intention of highlighting vulnerabilities, resulting from outdated software or various misconfigurations.
To carry out the test, an expert penetration tester will simulate an attack on your organisation’s infrastructure, as if they were a hacker themselves with access to your internal network.
There are three forms of methodologies that can be used in penetration testing; black box, grey box and white box.
Black box testing is when the pen tester has no prior information about the organisation’s infrastructure or data, and starts from square one, as hackers do.
Grey box testing (or, Gray box testing) is a penetration testing technique utilised to test a software product or application with partial knowledge of the internal structure of the application.
White box testing, on the other hand, is when the organisation provides information and data about the internal infrastructure, such as administrator level logins, so the pen tester has a full insight into the network and/or application. This is often the best approach for clients, as it will ensure the entire attack surface is covered.
Internal network penetration testing is often white or grey box, since the penetration tester will require access to an AD account. This type of pen test determines what’s at risk at this stage, and how might those assets be targeted. Having this priceless level of insight allows you to reinforce your cybersecurity before a real hacker potentially gains access to the internal network.
What is the difference between and internal penetration test and vulnerability scan?
An internal network pen test differs from a vulnerability scan as it offers the addition of manual testing to minimise false positives, as well as covering areas that scanners are unable to discover when enumerating a domain.
How does internal penetration testing work?
The point of an internal penetration test is that it’s almost identical to an actual cyberattack. For this, the organisation will need to trust the professional pen tester entirely, and be prepared to let them ethically hack the system.
Here at Aardwolf Security, our team of penetration testing experts have established an effective 6-step system for performing an internal network penetration test.
1. Reconnaissance
To get an idea of the client’s security level, a pen testing expert will first conduct an analysis, assessing the potential requirements, using Open Source Intelligence (OSINT).
2. Scanning
Using automated scanners, the consultant will delve deeper into the infrastructure of the client’s servers scanning all 65535 ports, probing for services, their subsequent versions, and whether there are any associated misconfigurations. Further enumeration will be carried out against the domain, this will include the following assessments:
- AD Enumeration
- Kerberos Enumeration
- Open SMB shares
- Vulnerability/Exploit checks
- MSSQL Enumeration
3. Manual assessment
This step is where most of the consultant’s time is utilised. Using a range of probing and verification techniques to delve deeper into the infrastructure, this process involves a range of specific manual penetration testing on the following areas:
- Authentication
- Authorisation
- Session management
- Group policy configuration
- Input validation and sanitisation
- Server configuration
- Encryption
- Information leakage
- Application workflow
- Application logic
4. Exploitation
Next, the vulnerabilities unveiled in the scanning and manual probing stages are raised to the client. Depending on the client’s business operations and the severity of the vulnerabilities, the client may give the consultant the go-ahead to subject certain issues to exploitation attempts.
5. Reporting
After the exploitation attempts have been made, the pen testing consultant will produce a comprehensive report to highlight the impact likelihood of all system defects, and recommend solutions.
6. Retesting
The sixth and final step of the process, offered exclusively at Aardwolf Security, is a free retesting service, once the client has actioned their software system solutions, to make sure that their infrastructure weaknesses have been resolved correctly and completely.
How long does it take to perform an internal network penetration test?
There are numerous factors that influence the scoping of a penetration test, such as:
- The number of hosts and servers
- Underlying infrastructure
- Size and number of domains
- Number of exposed services
How much is an internal network penetration test?
An internal network pen test cost is calculated by the number of days a penetration tester will take to fulfil the agreed scope. The number of days can be determined by filling out our penetration testing scoping form or messaging us through our contact form to arrange a scoping call with one of our senior penetration testers.
Aardwolf Security utilise CREST accredited penetration testers for network penetration testing, with decades of experience performing web application security testing and website security testing. Get in touch today for a free quote.