Vulnerability Assesment & Penetration Testing

It takes the average company 300 days to realise an attacker is in their network.

Do you know how far an attacker could get within your environment in that time? Internal Infrastructure Testing is an integral part of any organisation’s security strategy, assessing how misconfigurations or vulnerabilities within your internal network, both on premise and in the cloud, could be exploited by an attacker who has insider access to your environment.

Working to an agreed scope, our consultants attempt to compromise hosts, including Active Directory, Windows & Linux servers, and database servers, using non-destructive attack methods. Where possible, this may lead to the exfiltration of data. The outcome of an internal infrastructure test is a list of confirmed vulnerabilities within the specified hosts and a solid remediation plan for mitigating the risks.

As part of the engagement, our consultants provide risk ratings for each vulnerability based on the ease of exploitation and the potential impact should the exploit be used. This helps you to prioritise your remediation efforts, and manage your risks accordingly. Following the delivery of the report, we recommend a follow-up call to run through the findings and ensure that remediation advice is clear. This also allows your team to ask any further questions and clarify any areas of uncertainty.

Assessment Overview

- Host discovery & port scanning.
- Vulnerability assessment.
- Manual identification and fingerprinting of services.
- Privilege escalation attempts.
- Password evaluation.
- VLAN assessments.
- Analysis of VOIP services.
- Network mapping.
- Exfiltration of data.

Report

ZTC presents its findings in a comprehensive yet simple report format. This typically comprises: an executive summary, methodology, technical findings, and prioritised recommendations for remediation.

Reach Us to discuss