Pentest from the Inside

Firewalls, VPNs, MFA – all important. But what happens if an attacker already has access to your internal network? That is exactly what we assess with an internal penetration test.

We test your internal infrastructure the way a real attacker would: realistically, manually, and with a clear goal – to compromise critical systems, sensitive data, and privileged accounts.

What is tested in an internal penetration test?

An internal penetration test simulates an attacker who already has a foothold inside the internal network – for example through compromised VPN credentials, malware on a workstation, stolen user credentials, or a malicious insider.

Starting from this initial access, we evaluate how far an attack can be escalated: Can we move laterally? Escalate privileges? Achieve domain administrator access? Can we reach sensitive data or production systems? The scope of an internal penetration test typically includes:

  • Internal network segmentation
  • Windows and Linux systems
  • Active Directory
  • User and service accounts
  • Password policies and credential hygiene
  • Authorization and role models
  • File shares and internal applications
  • Misconfigurations in AD, DNS, SMB, LDAP, and Kerberos
  • Lateral movement and privilege escalation
  • Protective mechanisms such as EDR, logging, and detection

How do we test? How long does it take?

We conduct internal penetration tests entirely manually and base our approach on realistic real-world attack scenarios. Instead of running automated vulnerability scanners, we analyze your internal infrastructure step by step from an attacker’s perspective, identify weaknesses, chain them into real attack paths, and deliberately assess how far an attack can be escalated.

The focus is not on theoretical risks or formal checklists, but on the concrete question of which systems, data, and privileges can actually be compromised.

An internal penetration test typically takes between three and ten days, depending on the size, complexity, and structure of the internal IT environment. Testing can be performed remotely or on-site. The exact scope is defined in advance together with you, ensuring that objectives, effort, and expectations are clearly aligned and that there are no surprises during the engagement.

Qualifications

The testers at Hackeroo know what they are doing, and they can prove it. Our team consists of experienced ethical hackers with hands-on certifications such as the OSCP (Offensive Security Certified Professional) or the BACPP (Binsec Academy Certified Pentest Professional). Both stand for real attacks against real systems under realistic conditions, not for theory or multiple-choice exams.

For our customers, this means manual security testing at eye level with real attackers: no pure tool scans and no checklist audits, but in-depth analysis backed by technical depth, experience, and clear results. We think like attackers, and that is exactly how we test.

Typical Questions

Our daily rate is €1,120 net.

Based on that, we agree on a fixed package price upfront, derived from the scope we define together. No surprise invoices, no last-minute renegotiation.

Beyond that, the total cost depends on what we’re testing and how deep we go. A lean web app is very different from a complex platform with APIs, authentication flows, role models, and a cloud setup. Black box vs. grey box, one target vs. ten, a few days vs. multiple weeks — that’s what drives the effort.

We price by time, not by findings. Automated tools are the starting point, not the deliverable. The meaningful findings come from manual analysis, experience, and thinking like a real attacker.

Bottom line: A clear scope, transparent effort, a fixed price and results that are more than a compliance checkbox.

© Hackeroo: We think like attackers, hack like professionals, and show you where it really hurts — before someone else does.