Internal IT-Infrastructure

The internal IT-infrastructure is the foundation of every company and requires adequate protection.

Scope of the pentest

During this assessment, our ethical hackers are evaluating your internal IT-infrastructure regarding vulnerabilities and misconfigurations.
The test can be conducted on premises or remotely. Our testers require only a VPN connection (remote) or a functioning Ethernet plug (on-premises).

Exemplary test objects:

Mail server

Internal IT systems for e-mail dispatch or retrieval

Web portals

Intranet portals or self-developed web applications

Printers and peripherals

Peripherals such as printers or fax machines in the internal IT-infrastructure

Database sytems

IT systems for the storage and retrieval of data such as MariaDB or MSSQL

File server

Network shares for file exchange via SMB, FTP, etc.

Development environments

IT systems for development, e.g., Jenkins, GitLab, Docker, etc.


On average only about 5 percent of company folders are secured sufficiently. ¹

On average, every employee has access to 11 million files. ²


More than a third of all data leaks were a result of insider threats. ³

Penetration test of the internal IT-infrastructure

Our approach

The pentest approach presented herein includes a security analysis of your internal IT infrastructure from the perspective of an internal attacker. We simulate an attacker with access to the internal network and identify vulnerabilities like oudated software versions, weak access controls or misconfigurations. .

Our tests include an automated vulnerability scan, as well as a manual analysis of all active network services. With your approval found vulnerabilities are actively exploited to demonstrate the real attack potential.

Internal networks are interesting and rewarding targets for attackers, as they are usually less protected than publicly available systems. The test can be conducted on premises or remotely.

Computer techniican inserting thumb drive into a server in a server farm.

For many companies, the internal IT infrastructure is the main place of origin for their services and products. Computer workstations for employees, the printers connected to them or other network components such as production machines, database servers or mail servers. A lot of sensitive information, such as customer data or business secrets, is hidden within the internal IT infrastructure.

Standards and qualifications

We follow recognized international standards for our pentest procedure.

Our penetration testers are highly qualified and certified with several recognized hacking certificates.