Infrastructure Pentest

What is an infrastructure pentest?

An infrastructure pentest is an attack on your network and system infrastructure. We test what is reachable from the internet (external) and what an attacker can do who is already inside (internal). The end goal for an internal test: demonstrate how an attacker goes from an initial workstation to Domain Admin - including the full path.

This is not a network scan. Where Nessus or Qualys report known CVEs and leave it at that, we go further: we exploit vulnerabilities, move laterally through the network, escalate privileges and demonstrate the real impact. We test the full attack path, not just individual items.

External versus internal

• External pentest: everything reachable from the internet - public IPs, VPN endpoints, mail servers, web servers, cloud services. We scan with Nmap and Masscan, test for outdated software, weak TLS configurations and publicly accessible management interfaces.
• Internal pentest: we start from a position within your internal network - a connected laptop at the office. LLMNR/NBT-NS poisoning, relay attacks, ARP spoofing, VLAN hopping, then the path toward Domain Admin.

Why should you get an infrastructure pentest?

One misconfiguration in a firewall rule, one forgotten test server, one weak service account password - that is the difference between secure and fully compromised:

• Ransomware prevention: most ransomware attacks start with initial access via the network, followed by lateral movement toward domain controllers. We show whether that path is open.
• Validate segmentation: many organisations believe they are segmented. We prove whether that is true, or whether VLANs and firewall rules have gaps.
• Discover shadow IT: in almost every pentest we find forgotten systems - test servers, unauthorised services, systems outside IT management's view.
• Compliance: NIS2, ISO 27001 and BIO require periodic verification of your technical security.

Our approach

We test like a real attacker, but controlled and documented. We share findings directly through short lines - you do not have to wait for the final report.

• External reconnaissance - mapping your attack surface: IP ranges, DNS records, SSL certificates, publicly reachable services.
• Port scanning & service enumeration - Nmap, Masscan and manual verification of all reachable ports and services.
• Exploitation - gaining access via discovered vulnerabilities: outdated software, default credentials, misconfigurations or known exploits.
• Lateral movement - pass-the-hash, Kerberoasting, LLMNR poisoning, relay attacks, SMB shares with weak permissions. We move through the network like ransomware groups do.
• Privilege escalation - toward Domain Admin via AD misconfigurations, delegation abuse or credential harvesting.
• Reporting - the full attack path documented with screenshots, commands and impact analysis. Each finding includes a concrete recommendation. Retest available on request.

What does an infrastructure pentest cost?

Our hourly rate is €175 per hour. Investment depends on:

• Scope: number of external IPs, size of internal network, number of locations.
• Depth: external only, or also internal with full domain compromise as objective.
• Complexity: multi-domain AD, complex segmentation, OT/IT separation.

An external pentest on 50-100 IPs costs €5,000 - €10,000. Combined external + internal with AD focus: €10,000 - €25,000. After a scoping call you receive a fixed quote.