INFRASTRUCTURE TESTS
What happens after someone is in.
Internal infrastructure tests simulate what an attacker can achieve after initial access. The starting point is typically a standard domain user or a network port. The goal is a realistic assessment of segmentation, credential hygiene and lateral movement up to domain admin or the crown jewels.
01 · SEGMENTATION
Network zones, VLANs, firewall rules.
We review the actual effectiveness of your network segmentation. Which zones really talk to each other? Which client-zone ports reach production servers? Where are OT and IT networks unintentionally connected? Jump-host architectures and bastion solutions are checked for bypasses as well.
02 · LATERAL MOVEMENT
Credential hygiene and privilege escalation.
We look for SMB signing weaknesses, relay paths, WSUS and SCCM misconfigurations, local-admin reuse without LAPS, unprotected backup shares, credentials in scripts and group policies, and typical Windows privilege escalations. On Linux we review SSH key distribution, sudo configuration and container escapes.
03 · CROWN JEWELS
vCenter, ESXi, backup, domain.
Ransomware groups today aim first at vCenter, ESXi hosts, backup servers and domain controllers. We explicitly test these systems for current CVEs, insecure authentication paths, missing MFA on management access and the isolation of backup credentials from the production network. Without proper backup isolation, all other controls are decoration.
READY
An infrastructure test that actually stresses your hardening.
We test in coordination with your SOC, or deliberately quietly if you want to measure detection. The choice is made together before kick-off.
