Testing
Internal Penetration Testing
Protect your organization's most critical assets from insider threats by simulating attacks on your network. Testers will move laterally and escalate privileges to gain access to personal information, business infrastructure, and intellectual property.
Know your threats
84% of breaches are
from insider threats!
Automated and manual testing procedures allow our testers to carry out unique attack paths many other firms will miss.
Our offensive testers will gain initial footholds onto the internal network and showcase the attack paths threat actors can take to complete internal breaches.
Beyond Scanners
Experts in exploitation techniques
Attacks can be complex and depend on environment configurations. This is why techniques such as kerberoasting, ADCS abuse, protocol abuse, zerologin, and many more are performed daily by the Sprocket testing team while using Continuous Penetration Testing.
Our blend of automated and manual penetration testing techniques offers organizations constant visibility into emerging threats against their internal networks' attack surface.
Insights
Internal Testing Insights
After an internal test is complete, testers provide organizations with a detailed explanation of all the paths used during the attack. If an attack results in exploitation, the resulting Finding becomes available for users on the Platform.
These insights can then be interacted with and processed during remediation efforts.
How it Works
Internal Testing Methodologies
Dropbox Setup
A physical or virtual system is placed into your organization's internal environment to receive exfiltrated data. The dropbox is used to conduct all attacks, just as if a security consultant is sitting in your office (or cloud).
Vulnerability Analysis
Testers dive deep to discover vulnerabilities across your attack surface. Whether it be outdated web applications or misconfigurations, Sprocket discovers risk. Testers meticulously catalog services, assets, applications, and configurations in need of review with actionable insights.
Credential Abuse
Another large part of our testing process is attempting to guess employee credentials. Our testers have worked tirelessly to perfect this process to heighten the chances for success. Employee credentials are a pivotal part of most compromise scenarios. Sprocket has turned this process into a science.
Gain foothold / Exploitation
Testers go from network access to gaining a foothold on a corporate asset via credential abuse, exploitation, or abuse of misconfigurations. This foothold can provide domain-level access or access to privileged cloud assets. This is just the beginning of an attacker's journey!
Lateral Movement
After exploiting an asset or pivoting into your internal network, testers then identify what real threats your organization faces. Testers attempt to access personally identifiable information, critical business infrastructure, and intellectual property to showcase what the real bad guys are targeting.
Showcase Impact
Upon accessing critical business infrastructure and other important data, Sprocket illustrates exactly what the risk of the identified exploitation may cause to your organization. You'll get to see exactly what sensitive data can be stolen or exfiltrated from your organization's environment.
Continue Reading
Explore internal penetration
testing tools & resources.
How to: Execute passive internal recon during continuous penetration testing
When we launch continuous penetration testing in a new network, we don't want to raise suspicion of our presence. For one reason, we may be able to get credentials without doing anything intrusive at all. To do it, we… read more →
Read moreContinuous Human & Automated Security
The Expert-Driven Offensive
Security Platform
Continuously monitor your attack surface with advanced change detection. Upon change, testers and systems perform security testing. You are alerted and assisted in remediation efforts all contained in a single security application, the Sprocket Platform.
Expert-Driven Offensive Security Platform
- Attack Surface Management
- Continuous Penetration Testing
- Adversary Simulations