Grey Shield / Network Pen Testing

Realistic adversary simulation across your internal and external network — from initial reconnaissance through Active Directory compromise, lateral movement, and full data exfiltration.

// service_config.json
1–4 weeks
PTES + NIST 800-115
Exec + Technical
✓ 30 days
PCI · ISO · HIPAA
Int / Ext / Full

Engagement scope

Internal vs External

Network penetration tests are conducted from one or both perspectives, depending on your threat model and compliance requirements.

External Assessment

Simulates an unauthenticated attacker on the internet attempting to breach your perimeter. Covers internet-facing assets, exposed services, firewall rules, and public infrastructure.

Perimeter · Firewall · OSINT · Recon

Internal Assessment

Simulates a threat actor with initial access — malicious insider or post-phishing foothold. Tests lateral movement, privilege escalation, and Active Directory attack chains.

Active Directory · Lateral Movement · Kerberos

Full-Scope Combined

Most comprehensive — breach the perimeter externally, pivot internally to demonstrate the full kill chain from internet to domain admin to data exfiltration.

Full Kill Chain · Domain Compromise

How we operate

Testing Methodology

A structured six-phase approach based on PTES and NIST SP 800-115 — thorough, repeatable, and aligned to your threat model.

Phase 01

Reconnaissance & OSINT

Passive and active intelligence gathering — DNS enumeration, ASN mapping, Shodan queries, leaked credential checks, employee enumeration, and internet-exposed service identification.

Phase 02

Network Scanning & Enumeration

Comprehensive port scanning, service fingerprinting, OS detection, SMB/LDAP/RPC enumeration, and identification of legacy protocols, weak ciphers, and unpatched services.

Phase 03

Vulnerability Assessment

Manual and automated vulnerability identification — CVE mapping, Exploit-DB cross-referencing, misconfiguration analysis, default credential testing, and authentication bypass.

Phase 04

Exploitation & Initial Access

Controlled exploitation — EternalBlue, PrintNightmare, credential stuffing, LLMNR/NBT-NS relay attacks, and perimeter breaches to establish a verified foothold.

Phase 05

Lateral Movement & AD Attacks

BloodHound AD path analysis, Pass-the-Hash, Kerberoasting, AS-REP Roasting, DCSync, Golden/Silver Ticket attacks, and full domain compromise demonstration.

Phase 06

Reporting & Remediation

CVSS-scored findings with PoC evidence, attack path diagrams, and step-by-step remediation. Executive summary, debrief call, and free 30-day retest included.

Our arsenal

Tools Used

Industry-leading tools combined with custom scripts to map, enumerate, and exploit network infrastructure safely.

Nmap / Masscan · Metasploit Framework · BloodHound · Impacket Suite · Responder · CrackMapExec · Mimikatz · Rubeus · PowerView · Certipy · NetExec · Nuclei · OpenVAS · Shodan CLI · theHarvester · Amass · Hydra · John the Ripper · Hashcat · Custom Python Scripts

What you receive

What You Get

Executive + Technical Report

Board-level executive summary and a full technical document with PoC evidence, CVSS scores, and attack path diagrams.

Attack Path Diagrams

Visual network topology diagrams showing every attack path from initial access to domain compromise — invaluable for leadership and security teams.

Free 30-Day Retest

After remediation we verify all fixes at zero cost within 30 days — your certificate is backed by verified evidence.

Technical Debrief Call

Live walkthrough with your IT and security teams covering every finding, exploitation steps, and remediation to prevent re-exploitation.

Compliance Certificate

Signed certificate mapped to PCI DSS, ISO 27001, HIPAA, or NIST — accepted by auditors and enterprise procurement teams worldwide.

Prioritised Remediation Plan

Every finding ranked by exploitability, severity, and business impact — so your team patches the most dangerous vulnerabilities first.

Ready to find out?

Test Your Network Before Attackers Do

Get a scoping proposal within 24 hours. Tell us your IP ranges, environment size, and compliance requirements — we'll tailor the right assessment.