Bishop Fox Internal Penetration Testing Methodology
Overview of Bishop Fox’s methodology for internal penetration testing.
Learn the Bishop Fox approach to internal penetration testing.
Bishop Fox’s internal penetration testing methodology identifies security vulnerabilities by simulating the threat of a malicious insider or compromised internal host attempting to exploit designated target networks and applications. These zero-, partial-, or full-knowledge assessments are time-boxed and focused on achieving the penetration-test objectives.
Internal penetration tests often include network and Active Directory enumeration, vulnerability scanning, local and Active Directory privilege escalation, lateral movement, and ultimately, sensitive data retrieval or access to critical functionality. Optionally, internal applications may be scanned and tested using a combination of automated tools and manual techniques.
This methodology document provides an overview of the following internal penetration testing phases:
- Pre-assessment
- Network Discovery and Network Pen Testing
- Analysis and Reporting