
Assess the security of your internal network from an attackers perspective
Our consultants simulate insider threats to identify risks across your internal environment. These assessments typically begin with network access and no prior knowledge of your systems. The goal is to uncover weaknesses, escalate privileges and access critical systems that should be protected.
- Corporate internal network: Testing includes targeting high-value assets such as executive email accounts or financial systems
- Network segregation testing: Verifying controls between segmented zones to ensure proper isolation and prevent lateral movement
- Wi-Fi access: Assessing guest, BYOD and corporate Wi-Fi for weak or missing controls including passwords, authentication and network separation
Find internal flaws before attackers do
Go beyond automated scans
Exploit weaknesses
After gaining network access, our consultants assess your systems from an attacker’s viewpoint. They will attempt to enumerate users, exploit weaknesses, pivot across systems and escalate privileges to evaluate your true risk.
- Identify vulnerable systems or applications inside your network
- Find exposed or sensitive data on internal file shares
- Attempt to escalate privileges including domain administrator access or forest-level control
How is it delivered
Why partner with Bastion for internal testing
Frequently asked questions
What is internal penetration testing?
Internal penetration testing simulates an attack from within your network to uncover weaknesses that could be exploited by malicious insiders or threat actors who have gained internal access. It helps identify vulnerable systems, misconfigurations, and access control issues that perimeter defences might miss.
Why is internal pen testing important if we already do external testing?
External testing checks your perimeter, but internal testing shows what an attacker could do if they got inside. It reveals risks like excessive user privileges, poor network segmentation, and insecure internal systems that external tests won’t detect.
What systems are typically tested during an internal penetration test?
Our team reviews your corporate network, internal servers, Wi-Fi access points, and network segmentation. We also test for vulnerabilities in high-value assets like executive email accounts and shared file systems to uncover critical internal risks.
Will an internal penetration test disrupt our systems?
No. Bastion’s internal testing is carefully planned and controlled to minimise business disruption. We work closely with your team and provide a detailed report outlining risks, impacts and remediation steps - without affecting day-to-day operations.
What will I get at the end of an internal pen test?
You'll receive a comprehensive report detailing each vulnerability identified, how it could be exploited, and practical steps to fix it. This gives your team a clear path to improve internal security and reduce your risk of a serious breach.
Talk to an expert
Shortland Street,
Auckland 1010 New Zealand
Brandon Street
Wellington 6011 New Zealand
120 Spencer Street
Melbourne 3000 Australia