Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

Bishop Fox Internal Penetration Testing Methodology

Overview of Bishop Fox’s methodology for internal penetration testing.

Preview of the Bishop Fox Internal Penetration TEsting Methodology.

Learn the Bishop Fox approach to internal penetration testing.

Bishop Fox’s Internal penetration testing methodology identifies security vulnerabilities by simulating the threat of a malicious insider or compromised internal host attempting to exploit designated target networks and applications. These zero-, partial-, or full-knowledge assessments are time boxed and focused on achieving the penetration-test objectives.

Internal penetration tests often include network and active directory enumeration, vulnerability scanning, local and active directory privilege escalation, lateral movement, and ultimately, sensitive data retrieval or access to critical functionality. Optionally, internal applications may be scanned and tested using a combination of automated tools and manual techniques.

This Methodology document provides an overview of the following internal penetration testing phases:

  • Pre-assessment
  • Network Discovery and Network Pen Testing
  • Analysis and Reporting

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.