The heart of any organisation is undoubtedly its internal network and related services. Internal network assessments are often recommended following an external network assessment as a defence-in-depth approach. This ordering, however, does not dilute their importance, but rather aims to balance the security posture of both networks.
Internal assessments are typically conducted onsite, scoped as a sample set of IT infrastructure and applications based on a detailed methodology aligned with best practices (such as OWASP, CREST, and MITRE). The assessment includes detailed penetration testing, exploitation of vulnerabilities, privilege escalation and pivoting in the target network. When the assessment is scoped with specific targets in mind, those targets drive the aforementioned phases. Our ethical hackers make extensive use of both open-source and self-developed tooling and often develop custom tooling when required.