
Security Threat Modeling & Simulation

Red Teaming / Internal Penetration Testing


Internal Penetration Testing examines the security surrounding internally connected systems, typically within a corporate network. An External Attack & Penetration, by contrast, tests the security of externally connected systems from over the Internet. Internal Penetration Testing involves the finding and exploitation of actual known and unknown vulnerabilities from the perspective of an inside attacker. Internal Penetration Testing attempts to breach the target as an unauthorized user with varying levels of access, as listed below. This is sometimes referred to as “ethical hacking.”

  • A rogue employee or malevolent contractor
  • Malware infestation
  • Something installed on an internal network that is used by a hacker to pivot
  • Casual hacker who infiltrates a client’s systems
  • Dedicated hackers who pursue specific information and work with inside information (e.g., knowledge provided by a current or terminated client employee) and via information gathered through open source intelligence

For example, if your company was targeted through a phishing attack where malware was inadvertently installed by employees, this malware may provide an attacker with a backdoor entry point into the rest of the internal network. A remote attacker (using this backdoor) may then attempt to locate common vulnerabilities such as unpatched or misconfigured systems in order to gain further access to sensitive information. SecureState’s Internal Attack & Penetration simulates an attack such as this.

  • Internal Penetration Testing involves the finding and exploitation of known and unknown vulnerabilities on an internal network
  • Internal Penetration Testing detects weaknesses in a system or network that could allow host compromise


Internal Penetration Testing must be conducted to achieve compliance with a multitude of regulations and standards that industries face, including the Payment Card Industry Data Security Standard (PCI DSS). Additionally, Internal Penetration Testing detects weaknesses in a system or network that could allow compromise of a host. Internal Penetration Testing also tests an organization’s internal monitoring and Incident Response (IR) capabilities.


SecureState’s Profiling Team is composed of nationally renowned ethical hackers. The team’s background includes military intelligence, law enforcement, Big 5 consulting, and financial institutions. We are constantly working to stay at the forefront of penetration testing and security assessment technology as well as business trends through training, education, and public speaking. Members of SecureState’s Profiling Team are regularly asked to speak as subject matter experts on penetration testing at all of the major security and hacker conferences: Defcon, ShmooCon, OWASP AppSec DC, Hackers on Planet Earth, DerbyCon, Toorcon, Notacon, and Black Hat USA.

Did You Know?

  • Internal Penetration Testing tests an organization’s internal monitoring and Incident Response (IR) capabilities
  • Penetration Tests are not Vulnerability Assessments
  • Penetration Tests should be performed at least once a year and after any significant application modification or network upgrade
  • Penetration Tests should follow industry standard testing methodologies
  • Penetration Tests are an important part of any security program

Our Approach and Methodology

The SecureState Profiling Team is well known and highly regarded for its expertise in Penetration Testing. Our approach follows industry accepted testing methodologies such as PTES, NIST 800-115, OWASP and OSSTMM. Because we follow these methodologies, our clients can accurately replicate the testing SecureState has performed in their own environment and mitigate the identified vulnerabilities. The SecureState Profiling Team also helps identify strategic “root cause” issues through our Penetration Tests. Our Risk Management Team is uniquely positioned to work closely with the Profiling Team in order to assist clients with mitigating these strategic “root cause” issues.

Phase I – Pre-engagement Interactions:

In this phase, SecureState works with the client to establish the rules of engagement and the scope, and to exchange contact information for both parties. SecureState provides a detailed Project Charter which contains information on scope and everything that will be required to conduct the testing. The Project Charter is discussed during the kickoff call prior to the beginning of the engagement.

Phase II – Discovery Analysis / “Footprint” Creation:

An internal profile or “footprint” is created of computer addresses and other information regarding the client’s internal connected systems, taking an “unknown presence” and reducing it to a specific set of IP network ranges and host systems.

Phase III – Service Enumeration:

Specialty tools are used to programmatically “ping” or map a client’s existing Internet presence. A “service scan” is initiated to identify listening service ports, in order to determine the type of operating systems and applications in use. Detailed configuration and user information is obtained for each system, and the computer addresses acquired during Phase II are programmatically scanned.

Phase IV – Application Layer Testing:

Limited manual testing is performed on any web applications encountered, looking for common web application vulnerabilities such as SQL injection.

Phase V – Exploitation:

All identified vulnerabilities will be assessed as to the likelihood of exploitation, and we actually do exploit the vulnerabilities.

Phase VI – Post Exploitation:

The Post Exploitation Phase includes pillaging, penetrating further into the network, documentation, and erasing any remains we may have left behind.

Phase VII – Reporting:

As part of the deliverable, SecureState provides a report which contains a short graphical summary aimed at senior management, a narrative body which details major findings and a detailed findings section aimed at technical staff. Additionally, SecureState provides a closing call and high level executive presentation to summarize the penetration test as well as provide an opportunity to ask questions about the engagement.

What Makes Us Different


  • Uses a team based approach for all Penetration Tests
  • Utilizes proprietary Vulnerability Linkage Theory (VLT) to achieve a greater attack
  • Demonstrates proprietary tools to Clients during Penetration Testing
  • Publishes our own Exploits, Zero Days and Tools to the Information Security Community
  • Profiling Team members are known as experts in Penetration Testing worldwide
  • Profiling Team members are frequent speakers at national and worldwide security and hacking conferences such as DEFCON, Black Hat, OWASP AppSec, SANS, ShmooCon, THOTCON, DerbyCon, ToorCon and more
  • Conducts all external Penetration Tests from our state-of-the-art hacking facility in SecureState’s world headquarters, a DOD-cleared facility
  • Has the capability to perform secure remote Internal Penetration Tests using the latest Penetration Testing technology
  • Provides a secure two-factor authentication web portal for access to Penetration Test results
  • Follows industry standard testing methodologies, vulnerability rating systems and uses real attack data collected by SecureState through years of assessments to compare your company to your industry peers from a security perspective

