We start with Network-based vulnerability scans on the internal network. This initial pass aims to discover devices on the network, the services that are accessible and find known vulnerabilities that attackers could exploit on the local network. This helps to judge how “soft” the network’s core is and how easily an attacker could spread across the network to gain additional access if the boundary was compromised or malware deployed to a workstation.

We follow this with further exploration of the discovered services using custom tooling and manual exploration. If you provide login details for Windows or Linux systems, then we will also perform authenticated scans to check for software patch levels and common misconfigurations that cause information leakage.

This testing will include:

1. Asset discovery and fingerprinting
2. UDP and TCP Port Scan
3. Vulnerability assessment
4. Penetration testing of any targets based upon the tester’s judgement and output of the Vulnerability assessment.
5. Attempts to identify services that may indicate the presence of unauthorised storage services or connections to the network
6. Authenticated scan of Windows servers and where accounts have been provided
7. Authenticated scan of Linux servers where accounts have been provided
8. Before we start any testing, we’ll agree a formal testing Scope document with you. In this, we’ll agree on the IP addresses that are in scope; and any limitations or restrictions on the testing we can perform – for example systems that are in production use; or systems that can be easily rebuilt and thus we can perform more aggressive testing.

We will need you to provide either VPN access, or allow us to deploy a small staging server to undertake our tests.

Once our testing is complete, we’ll provide you with a report with detailed findings, their impact and how to fix them. We can also provide consultancy to help fix these if that is useful to you.