Detailed description
When carrying out internal penetration tests, we primarily rely on the current OSSTMM methodology and the testers' experience with attacks on domain machines, with an emphasis on the following procedures:
Identifying targets, the environment and searching for vulnerabilities
The initial phase involves recognizing and mapping the individual systems (server types, operating systems, etc.) and services available on the organization's user network.
This is where we test for security weaknesses related to software bugs, configuration errors, and errors resulting from poor design and service settings.
Identifying active servers, network elements and verifying their security
The phase involves recognizing active network elements (firewalls, switches, routers, monitoring probes) and checking their security level from the perspective of the organization's overall network design, and from the perspective of the systems themselves.
The tests are conducted by automated scanning methods that identify the network structure and the inherent vulnerabilities of individual systems according to the service "fingerprints" obtained. The impacts on network security are subsequently assessed according to manufacturers' recommendations and recognized best practices.
An attempt to break into selected identified systems and services - privilege escalation
Based on the results of the previous phases, the possibilities of escalating the allocated rights and taking full control of the tested systems are identified and verified.
Each test is carried out using various methods, in particular password guessing attacks, misuse of any information found (such as discovered passwords or scripts), and the use of exploits for the specific vulnerabilities identified.
An attempt to compromise the company's domain
In this stage, an attempt is made to escalate privileges to the level of a domain administrator. The goal is to compromise the company's internal domain. Both classic and the latest attacker techniques, such as Pass the Hash, LSASS dumping, Kerberoasting, Incognito token impersonation and others, are used in this stage.