Network Penetration Testing Services
Locate and Remediate Your Network Vulnerabilities
Our team will simulate real-world attacks using manual penetration testing techniques that go beyond basic vulnerability scanning to determine the real-world risks in your network. We outline the security flaws in your external and internal networks and how they affect your organization.
Each of our team members has decades of experience behind them and has worked not only in IT security but also in IT positions such as system administration. This experience means our consultants know where to look for misconfigurations and vulnerabilities and can convey easy-to-understand remediation steps to any team member. When network security is essential, make sure you have the best penetration testing company to review it.
How Can a Network Penetration Test Benefit You?
- Discover the different ways a malicious actor might attack your network and what opportunities they have to do so.
- Determine if your policies and procedures have gaps in them. For example, are systems fully patched before being placed in the production environment? If not, are you missing a policy to ensure this?
- Remediate hidden vulnerabilities and misconfigurations to prevent malicious actors on your network from exploiting them.
- Prevent malicious insiders such as disgruntled former employees from accessing resources and discovering gaps in detection and response.
- Show your executive team and upper management the vulnerabilities and overall risks to make informed decisions on the budget needed to increase security.
- Give your customers, partners, executives, and investors confidence about your ability to safeguard the network and trust that the network is secure from malicious actors.
Automated vs. Manual Network Penetration Testing
Automated vulnerability scanners can be a valuable tool for your organization and should be part of any defensive arsenal when securing a network. They provide fast results using repeatable methods and are typically user-friendly. Used as a sole solution, however, vulnerability scanners will often miss security vulnerabilities that they have no way to check for.
An automated vulnerability scanner relies on a database of known vulnerabilities. It cannot chain attacks together or apply logic to identify vulnerabilities such as missing permissions on a folder or file, or cleartext credentials located in a script on a shared drive.
Additionally, automated scanners can’t determine real risk in many cases. For example, a scanner will not determine whether passwords are weak, or assess the risk of the same local administrator password being used on each system. Vulnerability scanners are also prone to false positives and even false negatives.
As a company that provides manual penetration testing, Artifice Security can use attack methods based on experience and a deep understanding of networks. Artifice Security engineers understand complex IT environments because our team members worked as system administrators, developers, and network engineers before getting into security. Based on this experience, we know where to look and find vulnerabilities that organizations often overlook.
Types of Network Penetration Tests
External Network Penetration Test
Internal Network Penetration Test
Network Penetration Test Methodology
Define the Scope
- Determine which networks and subnet ranges (external/internal) are in scope for testing
- Outline which systems, if any, are excluded from testing
- Determine testing dates and times for the penetration test
- Exchange key personnel and emergency contact information for any critical findings
Information Gathering / Recon Phase
- Gather IP address information about your external network and hosting providers
- Search for publicly exposed documents such as PDFs, DOCXs, XLSXs, and PowerPoint documents that may contain sensitive or customer information without your knowledge
- Search the Internet and dark web for leaked credentials within password breach databases
- Check for domain names similar to yours to determine your exposure to phishing (domain spoofing risk)
Enumeration and Vulnerability Scanning Phase
- Scan all 65K possible ports for TCP and UDP to determine which ports are open and which services are in use
- Check for possible misconfigurations for external systems that are in the cloud
- Enumerate all internal web ports for internal systems
- Perform vulnerability scanning against internal and external systems
- Correlate public and proprietary vulnerabilities against systems on your network
Attack and Exploitation Phase
- Use breached credentials gathered in the information gathering phase or use brute force techniques to access sensitive data
- Combine attack vectors to gain access to systems including workstations, servers, routers, switches, firewalls, printers, and any internal embedded device
- Move laterally on the network
- Escalate privileges and access sensitive data
- Show proofs-of-concept for exfiltrating data (if approved by your organization)
Reporting begins with an executive summary which gives a layman’s explanation of the vulnerabilities and conveys the overall risk to your network and organization. In addition to a summary of results, we also provide a list of positive findings found during testing. Next, the report explains how we determine criticality and risk for each vulnerability so you can better understand what to prioritize for remediation and how we rate severity for each finding.
Further in the report, we break down each vulnerability in technical detail, including a summary of the finding, affected location(s), proofs-of-concept, and remediation steps. Each detailed proof-of-concept has easy-to-follow steps for your team to recreate the process of how we exploited the vulnerability.
In addition to the report, Artifice Security also provides you with a customer-facing report and attestation letter if needed.
- Executive Summary
- Vulnerabilities rated by criticality
- Detailed walkthrough showing how we chain together attacks
- Detailed repeatable proofs-of-concept for each vulnerability
- Best practice remediation steps that are customized and realistic based on your current environment
Remediation Testing (Retesting)
As part of your penetration test, Artifice Security includes performing remediation testing (retesting) against your network and systems after your team remediates all findings. This retesting helps ensure your organization has adequately implemented changes to fix all vulnerabilities. Remediation and retesting also give compliance auditors and customers proof of your lowered or eliminated risk. After remediation testing completes, we will provide you with an updated report that reflects the current state of your network and systems.
Frequently Asked Questions
What are the most common vulnerabilities found on networks?
Across all the external and internal network penetration tests we have performed, the most common vulnerability is weak passwords. For example, we still see passwords such as “Password1”, “[Company]1”, and “[Season][Year].” With weak or default passwords in use, users can have their passwords guessed, or malicious users can enter systems simply by knowing the default password.
Another common vulnerability is outdated and unpatched operating systems. Systems that no longer receive current updates are at risk of compromise because they allow malware or malicious users to gain access.
Lastly, we commonly find poorly configured external and internal network systems. These systems may be misconfigured through Active Directory, which affects every system, or may grant excessive access to users who should not have it.
While these are the most common vulnerabilities on networks, a network penetration test will uncover numerous vulnerabilities that administrators and automated scanners miss.
What tools will you be using during a network penetration test?
We conduct the network penetration test using the Kali Linux distro from Offensive Security. This Linux distro contains many preinstalled tools used by penetration testers. Aside from the preinstalled tools that come with Kali Linux, some of the tools we use are Nmap, Metasploit Framework, CrackMapExec, PowerSploit, Empire, Burp Suite Pro, sslscan, EyeWitness, BloodHound, SharpHound, SIET, unicorn, dnsenum, enum4linux, Impacket suite, Responder, Nessus, and more.
Additionally, Artifice Security uses proprietary tools and custom scripts created and maintained by our research and penetration testing teams.
Will your IP address need to be whitelisted during an external penetration test?
What type of access do you need for a network penetration test?
We don’t need any special access for an external penetration test as we will be testing from an attacker’s perspective. For an internal penetration test, we will be conducting the test as if a malicious actor had access to your internal environment. We will send you a secure Virtual Machine (VM) that can be downloaded and placed in your network for your pentest. When turned on, the VM will automatically connect to our VPN server through an encrypted connection where we can tunnel back through to test your internal network. During testing, we will not need any credentials or special access.