Internal Penetration Test

The Service

Our Internal Penetration Test gauges the effectiveness of your internal security controls against an attacker with access to internal network resources. This attacker could be a knowledgeable malicious insider, an external attacker that has gained limited access, or a “beachhead” on the internal network. The purpose of this test is to simulate a real-world attack with specific goals, generally gaining root or administrative access to targeted systems, or access to data stores.

Our assessment process is performed by specially trained individuals using current attack methodologies and tactics. The Internal Penetration Testing deliverables include a detailed narrative report with specific attack paths and scenarios, along with recommended remediation strategies.

The test is performed in two phases. One phase is performed with network access only, and the second with network access and limited user access to simulate an internal user compromise. Our test mirrors how actual attacks occur, without the stress or liability. Our Red Team will employ cutting edge techniques and strategies used by today’s cybercriminals to detect and evaluate your security controls.

This test does not replace a traditional Internal Vulnerability Assessment or External Penetration Test, but complements it by enabling you to assess how your layered security controls hold up to a skilled attack.


The Scope of Work

The scope of our Internal Penetration Test is straight forward:

  • Goals or “flags” are set by you prior to the assessment and serve as the objective for the Red Team.
  • All internal systems may be targeted unless specifically excluded.

Man jumping canyon
Sailor at helm


The 10-D Security Difference
  • Our Red-Team (attacker) and Blue-Team (defender) experience allows for a more thorough evaluation and more meaningful results.
  • We have nationwide testing experience with ALL types and sizes of institutions.
  • Our proprietary tools capture and review key data in a fraction of the time.
  • We specialize in testing the critical, sensitive infrastructures of financial institutions.
You would benefit from a 10-D
Internal Penetration Test if
  • Your incident response plan is ready for testing.
  • Your management values a proactive evaluation and the preemptive assurance this assessment will bring.
  • Your IT Team has a “game on” or “bring it” attitude and is ready to engage.

Keep your institution off the evening news.


Contact Us