Internal IT Infrastructure Penetration Test

An Internal IT Infrastructure Penetration Test simulates an attacker who already has a foothold inside your network (for example after a phishing click) and tests whether they can move laterally and reach Domain Admin.
What if one of your employees clicks on the wrong email attachment? Will you be able to stop the attack, or will the attackers be able to move laterally from there and take over all your systems? This is why you should conduct an internal infrastructure penetration test. The internal system is just one wrong click away from being “public”.
Experience has shown that the externally facing infrastructure is often quite well secured nowadays. However, if you look at the internal network, the story is often sadly different: encryption is not used, security mechanisms are turned off (because legacy software does not support them), or software is completely outdated. In the worst-case scenario, these vulnerabilities could lead to a complete compromise of company data.
Scope
This penetration test can be tailored to focus on specific systems, such as a particular server or the configuration of Windows clients, as determined during the scoping call. Moreover, this test can assess your detection capabilities, although it’s important to note that detection is not the primary focus of a penetration test. These are the main focus points of the test:
- Penetration test of Active Directory
- Check whether all recommended countermeasures are in place
- Identification of vulnerabilities in the network
- Identification of outdated software in the network
- Misconfigurations, e.g., Active Directory Certificate Services
- Test for open file shares with confidential data
- And overall: can an attacker gain Domain Admin rights in your network?
Why
- Find and fix vulnerabilities in your internal infrastructure
- Secure your machines so that the impact of attacks is lower
- Your infrastructure is a living system; only regular checks can help find misconfigurations.
Why VidraSec 🦦
I have, many times, gained Domain Admin rights, starting just as a normal user. In many different types of companies, I can tell you that being small or big doesn’t make a difference. If I can do it, an attacker can also do it. And I hope that me explaining the vulnerabilities and how to fix them in a report is more pleasant than an attacker explaining where to send the Bitcoins.
Note: This test includes Active Directory testing from an attacker’s perspective (can I reach Domain Admin?). An Active Directory Audit is a separate, deeper white-box analysis of AD configuration — both are complementary and often combined.
Typical Duration
3–5 days of testing (up to 2 weeks for large environments). Reporting takes roughly 30–50% of the test time on top.
Typical Price
from 8,000 €
The final price depends on the scope of the project and the maturity level of your IT security. It is calculated individually based on the required effort.
Deliverables
Every engagement includes:
- Written findings report with all vulnerabilities, prioritized by severity, with remediation steps
- Management summary tailored to your audience (technical or executive)
- Live debriefing to walk through findings and answer questions
- Retesting after remediation available on request
See example reports for what a VidraSec report looks like.
Compliance
Directly relevant for NIS2 (Article 21 — security of network and information systems), ISO 27001, and TISAX (automotive industry).
Frequently asked questions
Why do I need an internal penetration test if my perimeter is secure?
Perimeters are increasingly well secured, but internal networks often are not. A single wrong click can put an attacker inside, where weak segmentation, legacy software, and Active Directory misconfigurations frequently allow full compromise. The internal test measures that real-world risk.
Does the internal penetration test require on-site presence?
Internal pentests are generally performed on-site, but can be done remotely via VPN or a dedicated jump host if your network setup allows it. This is agreed during scoping.
How long does an internal penetration test take?
Typically 3 to 5 days of testing, up to 2 weeks for large environments, plus roughly 30 to 50 percent of that time for reporting.
How much does an internal penetration test cost?
From 8,000 euros. The final price depends on the size of the environment and is calculated individually based on the required effort.
martin@vidrasec.com | +43 670 3081275