Network Penetration Testing Services

Locate and Remediate Your Network Vulnerabilities

Our team will simulate real-world attacks using manual penetration testing techniques beyond basic vulnerability scanning to determine real-world risks in your network. We outline your network security flaws and how they affect your organization for your external and internal network.

Each of our team members has decades of experience and has worked not only in IT security but also in IT positions such as system administration. This experience means our consultants know where to look for misconfigurations and vulnerabilities and can convey easy-to-understand remediation steps to any team member. When network security is essential, make sure you have the best penetration testing company to review it.


How Can a Network Penetration Test Benefit You?

A network penetration test equips your team and your organization with a top-down view of flaws that are present in your network. A network penetration test will provide you with the following:
  • Discover the different ways a malicious actor might attack your network and what opportunities they have to do so.
  • Determine if your policies and procedures have gaps in them. For example, are systems fully patched before being placed in the production environment? If not, are you missing a policy to ensure this?
  • Remediate hidden vulnerabilities and misconfigurations to prevent malicious actors on your network from exploiting them.
  • Prevent malicious insiders such as disgruntled former employees from accessing resources and discovering gaps in detection and response.
  • Show your executive team and upper management the vulnerabilities and overall risks to make informed decisions on the budget needed to increase security.
  • Give your customers, partners, executives, and investors confidence about your ability to safeguard the network and trust that the network is secure from malicious actors.


Automated vs. Manual Network Penetration Testing

Automated vulnerability scanners can be a valuable tool for your organization and should be part of any defensive arsenal when securing a network. They provide fast results using repeatable methods and are typically user-friendly. Used as the sole solution, however, vulnerability scanners will often miss security vulnerabilities that they have no way to check for.

An automated vulnerability scanner relies on a database of known vulnerabilities. It cannot combine attacks or apply logic to identify issues such as missing permissions on a folder or file, or cleartext credentials located in a script on a shared drive.

Additionally, automated scanners cannot determine real risk in many cases. For example, a scanner will not determine whether passwords are weak or assess the risk of the same local administrator password being used on each system. Vulnerability scanners are also prone to false positives and even false negatives.

As a company that provides manual penetration testing, Artifice Security uses attack methods based on experience and a deep understanding of networks. Artifice Security engineers understand complex IT environments because our team members worked as system administrators, developers, and network engineers before getting into security. Based on this experience, we know where to look and find vulnerabilities that organizations often overlook.

Types of Network Penetration Tests

External Network Penetration Test

Every day, your systems on the external network undergo both automated attacks and attacks from malicious actors, which means you require constant comprehensive testing. During an external penetration test, Artifice Security would perform manual attacks against your Internet-facing systems to gain a foothold into your environment. After gaining access to an external system, Artifice Security would attempt to use the exploited system as a pivoting point to access other critical services and data within your organization to show more significant risk. If Artifice Security obtains access, we will simulate data exfiltration as a proof of concept to test your detection abilities.

Internal Network Penetration Test

During an internal network penetration test, Artifice Security would act as a malicious insider and examine your internal network for various vulnerabilities, from unpatched systems to misconfigurations on domain controllers and servers. After obtaining password hashes, we would attempt to crack them and analyze the recovered passwords to determine if your controls and user training for password creation are adequate. Additionally, we would simulate data exfiltration as a proof of concept to test your detection abilities.


Network Penetration Test Methodology

After years of performing penetration testing, Artifice Security has created a proven, repeatable methodology that will meet your organizational needs. Each finding in the report given to you is verified, with no possible false positives. We operate as a manual penetration testing company that offers you proofs-of-concept that you can verify. To achieve this success, we organize the process using the following steps:

Define the Scope

Before the start of the network penetration test, Artifice Security will collaborate with your team to determine the exact scope of your network. We will communicate with your team to understand the size of your network and the time needed to complete the penetration test.
  • Determine which networks and subnet ranges (external/internal) are in scope for testing
  • Outline which systems, if any, are excluded from testing
  • Determine testing dates and times for the penetration test
  • Exchange key personnel and emergency contact information for any critical findings

Information Gathering / Recon Phase

During the information-gathering phase of the assessment, Artifice Security will perform passive information gathering against your organization using Open Source Intelligence (OSINT) tools and techniques. This public data can help us determine undiscovered risks to your organization and show you what information is out there that you may not know exists. This targeted intelligence includes the following checks:
  • Gather IP address information about your external network and hosting providers
  • Searches for publicly exposed documents such as PDFs, DOCXs, XLSXs, and PowerPoint documents that may contain sensitive or customer information without your knowledge
  • Searches on the Internet and dark web for leaked credentials within password breach databases
  • Checks for domain names similar to yours to determine your exposure to phishing (domain spoofing risk)

Enumeration and Vulnerability Scanning Phase

Artifice Security will use active information-gathering tools and techniques to determine all possible attack vectors during the enumeration phase. We will assemble the information from this phase and the previous phase as the foundation for our attack and exploitation phase.
  • Scan all 65K possible ports for TCP and UDP to determine which ports are open and which services are in use
  • Check for possible misconfigurations for external systems that are in the cloud
  • Enumerate all internal web ports for internal systems
  • Perform vulnerability scanning against internal and external systems
  • Correlate public and proprietary vulnerabilities against systems on your network

Attack and Exploitation Phase

During the attack and exploitation phase, Artifice Security will use manual penetration testing techniques to exploit vulnerabilities found in your network. We perform this exploitation using professional tools and manual techniques while being cautious about protecting your data and not interrupting normal business functions. At this phase, we will perform the following tasks against your network:
  • Use breached credentials gathered in the information gathering phase or use brute force techniques to access sensitive data
  • Combine attack vectors to gain access to systems including workstations, servers, routers, switches, firewalls, printers, and any internal embedded device
  • Move laterally on the network
  • Escalate privileges and access sensitive data
  • Show proofs-of-concept for exfiltrating data (if approved by your organization)

Reporting Phase

During the reporting phase, Artifice Security will compile all information about your organization and all vulnerabilities discovered in your network. As a company that performs penetration testing manually, we guarantee that no false positives will be in your report.

Reporting begins with an executive summary which gives a layman’s explanation of the vulnerabilities and conveys the overall risk to your network and organization. In addition to a summary of results, we also provide a list of positive findings found during testing. Next, the report explains how we determine criticality and risk for each vulnerability so you can better understand what to prioritize for remediation and how we rate severity for each finding.

Further in the report, we break down each vulnerability in technical detail, including a summary of the finding, affected location(s), proofs-of-concept, and remediation steps. Each detailed proof-of-concept has easy-to-follow steps for your team to recreate the process of how we exploited the vulnerability.

In addition to the report, Artifice Security also provides you with a customer-facing report and attestation letter if needed.

  • Executive Summary
  • Vulnerabilities rated by criticality
  • Detailed walkthrough showing how we chain together attacks
  • Detailed repeatable proofs-of-concept for each vulnerability
  • Best practice remediation steps that are customized and realistic based on your current environment

Remediation Testing (Retesting)

As part of your penetration test, Artifice Security includes performing remediation testing (retesting) against your network and systems after your team remediates all findings. This retesting helps ensure your organization has adequately implemented changes to fix all vulnerabilities. Remediation and retesting also give compliance auditors and customers proof of your lowered or eliminated risk. After remediation testing completes, we will provide you with an updated report that reflects the current state of your network and systems.


Frequently Asked Questions

What are the most common vulnerabilities found on networks?

Across all the external and internal network penetration tests we have performed, the most common vulnerability is weak passwords. For example, we still see passwords such as “Password1”, “[Company]1”, and “[Season][Year].” With weak or default passwords in place, a user's password can be guessed, or a malicious user can enter systems simply by knowing the default password.

Another common vulnerability is outdated operating systems and operating systems that are not patched. Systems that no longer receive current updates are at risk of compromise because they allow malware or malicious users to gain access.

Lastly, we commonly find poorly configured external and internal network systems. These misconfigurations can come from Active Directory, which affects every system, or from excessive access granted to users who should not have it.

While these are the most common vulnerabilities on networks, a network penetration test will uncover numerous vulnerabilities that administrators and automated scanners miss.

What tools will you be using during a network penetration test?

We conduct the network penetration test using the Kali Linux distro from Offensive Security. This Linux distro contains many preinstalled tools used by penetration testers. Aside from the preinstalled tools that come with Kali Linux, some of the tools we use are Nmap, Metasploit Framework, CrackMapExec, PowerSploit, Empire, Burp Suite Pro, sslscan, EyeWitness, BloodHound, SharpHound, SIET, unicorn, dnsenum, enum4linux, the Impacket suite, Responder, Nessus, and more.

Additionally, Artifice Security uses proprietary tools and custom scripts created and maintained by our research and penetration testing teams.

Will your IP address need to be whitelisted during an external penetration test?

We prefer not to have our IP address whitelisted at the beginning of any penetration test. If you have security controls that block malicious traffic, this lets us test them to ensure they work. If your organization blocks our IP address during testing, we will notify you and then ask for our IP address to be whitelisted so we can continue testing.

What type of access do you need for a network penetration test?

We don’t need any special access for an external penetration test as we will be testing from an attacker’s perspective. For an internal penetration test, we will be conducting the test as if a malicious actor had access to your internal environment. We will send you a secure Virtual Machine (VM) that can be downloaded and placed in your network for your pentest. When turned on, the VM will automatically connect to our VPN server through an encrypted connection where we can tunnel back through to test your internal network. During testing, we will not need any credentials or special access.