Identify and fix weak points in your IT infrastructure

A penetration test is a security assessment for your organization's internal or external IT infrastructure and exposed network services. Before the penetration test begins, goals and specifications for the test are defined together with your team.
An external penetration test's most common goal is to determine whether an attacker can gain a foothold in your company's internal network.
In an internal penetration test, the two most common scenarios are that either an attacker succeeds in compromising a host computer (e.g., through a phishing attack) or an attacker succeeds in gaining physical access to the network ("cleaning staff scenario").

External Penetration Test

The external penetration test is carried out from the perspective of an outside attacker who analyzes the publicly available IT infrastructure of your organization. We follow the same steps an attacker would take to gain access to your organization's internal networks. The following is an example list of actions taken:


  • Detect all IT systems within the area provided by your organization (e.g., DNS / IP range)
  • Detect all services running in the area
  • Retrieve DNS records that can be used to identify additional systems

Identify Vulnerabilities

  • Identify version information of running services
  • Basic interaction with the services to obtain configuration information

Exploit Vulnerabilities

  • Check for known weak points or incorrect configurations in connection with the externally accessible services found
  • If possible, exploits are identified; these are checked for effects on the target service's stability.
  • Test whether the presumed vulnerability can be exploited, either by using the exploit or by coordinating a time window with your organization for its use

Post Exploitation

  • After the vulnerability has been successfully exploited: Check whether it is possible to achieve the objective of the external penetration test

Continuation/restart of the process

  • Examination of whether further identified vulnerabilities can be exploited to gain access to your organization's internal network.

As soon as internal access is available, the entire process may start again from the perspective of an internal attacker who has already received internal network access (e.g., to the DMZ).

The external penetration test is a service offering that should be used after your company has tried to harden the external perimeter - mainly through patching and secure configuration of available services. This validates the effort that your company has invested in prevention and protection and, if necessary, identifies possible areas with potential for improvement.

Internal Penetration Test

The internal network penetration test can be carried out in different ways. Some of the more common scenarios are as follows:

Compromised host scenario

Your company provides user accounts to be used for the assessment. Providing the accounts would simulate an attacker successfully launching a spear-phishing attack and gaining internal access and/or a malicious internal agent. Access to the user's system via:

  • Remote access (e.g., VDI)
  • Image to boot
  • End-user laptop

Compromised server in the DMZ scenario

Your company provides user accounts to be used for the assessment. Providing the accounts would simulate an attacker successfully launching a spear-phishing attack and gaining internal access and/or a malicious internal agent.

Cleaning staff scenario

Use of a network connection within your company. The implementation is usually either carried out remotely by connecting a mini-computer to one of your network sockets or on-site with one of your experts.

Regardless of the scenario, the test begins again with the same steps an attacker would take.


  • Identify systems within the agreed area of the internal network
  • Determine the running network services


  • Evaluate version and configuration information for running network services
  • Identify network shares that allow access and search for confidential data
  • Search for systems in your company's internal domain that grant (all) users administrator rights

Exploitation of vulnerabilities

  • Research known vulnerabilities and potential misconfigurations of running network services
  • If necessary, we will coordinate a system and time window with your organization to safely check the exploitability of potential weak points
  • Check whether the potential vulnerability can be exploited and whether the execution of the exploit is successful

Post exploitation

  • Check whether it is possible to achieve the previously agreed goals of the internal penetration test

Continuation/restart of the process

  • After we have gained access to an additional system in your environment, the whole process is restarted
  • The new computer system or new user accounts discovered may have access to various other systems or data in your organization

The internal penetration test is very valuable for companies that want to know what an attacker can do and what they can gain access to if an internal system has been successfully compromised. An internal penetration test should be carried out after your organization has invested time and money in the internal network to ensure that the configuration and processes used are successful in providing comprehensive protection for the infrastructure.

Special Scenario

Command and Control (C2) & Exfiltration

During a C2 assessment, we examine the technical and organizational abilities of your organization to detect and block sophisticated malware as well as to react to malware that is sent via email.

In particular, we check which options are available in your company infrastructure to recognize and block the communication channels used by attackers for C2 and data exfiltration.

Special Scenario

Pivoting & Lateral Movement

Starting from a basic user account, we try to gain access to other systems, identify sensitive information, escalate permissions on the system, and move to other areas of the network. The access level used as a starting point simulates what an attacker might have gained through a successful phishing email campaign or by impersonating an employee or contractor.


Do you have questions or are you interested? Feel free to contact us.

(0621) 48 345 010

Dr. Ewan Fleischmann
Security Consultant, CISSP, OSCP, OSCE
