Infrastructure Penetration Testing (Pen Testing)



An Infrastructure Penetration test uncovers vulnerabilities residing within your infrastructure and provides a detailed attack narrative to help evaluate the impacts of each finding. Packetlabs' Infrastructure Penetration Testing methodology is 95% manual and is derived from the SANS Pentest Methodology, the MITRE ATT&CK framework for enterprises, and NIST SP800-115 to ensure compliance with most regulatory requirements.

What you'll get:

  • A thorough foundational assessment of networks and systems

  • Identify all paths to Domain Admin

  • System hardening recommendations

  • OS and third-party patching assessment

  • Identify insecure configurations within on-prem and cloud environments

  • Uncover the impacts of techniques, tactics, and procedures commonly used by ransomware

  • A comprehensive report with detailed findings and remediation steps

Why conduct an Infrastructure Penetration Test?

Stay compliant by fulfilling all your compliance objectives
  • Fulfillment of compliance objectives includes: PCI DSS, SOC2, FedRAMP, ISO27001, MPA

  • Meet cyber insurance requirements

Find vulnerabilities residing in IT systems, applications, or network components
  • Each finding is documented to describe an attack narrative to illustrate the potential risk.

  • Go beyond a vulnerability assessment to identify the techniques attackers would take to breach sensitive information.

Protect access to sensitive information by finding weaknesses others overlook
  • Identify any external exposures that could lead to internal access

  • Identify the risk to legacy protocols and weak credential hygiene that lead to system and domain compromise

Penetration Testing isn't what we do, it's all we do.

Our penetration testing is more than just a vulnerability scan. Automated testing accounts for only 5% of what we do. The other 95% consists of manually simulated real-life attacks to uncover your network vulnerabilities.

  • icon

    Demonstrated impact

    Identify gaps in processes and procedures

  • icon

    Adversary simulation

    Explore your network from an attacker's perspective

  • icon

    Protect proactively

    Find your vulnerabilities before an attacker does

  • icon

    Assess your system

    Find weaknesses others overlook in your IT infrastructure

    During the test the engineer assigned to our case would notify us of any high-priority findings with detailed explanations of the risks right away. They were also quickly responsive to our emails during the test.

    Read More  
  • Adam B.
    • Adam B.
    • V.P. Engineering

    PacketLabs gives the partner peace of mind and reassurance that their cybersecurity needs taken care of. Their team is full of experts who go above and beyond the scope of the engagement.

    Read More  
  • Anonymous
    • Anonymous
    • Director of IT

    The result report was easy to follow and insightful, with recommendations on risk exposure and remediation. We would definitely recommend working with PacketLabs.

    Read More  
  • Charlene
    • Charlene
    • Small Business Owner

    Our experience with Packetlabs was very positive. They offer excellent service, communicated clearly with us throughout the process, and were very accomodating regarding our timelines. We highly recommend Packetlabs.

    Read More  
  • Anonymous
    • Anonymous
    • Human Resources

    Since engaging Packetlabs, we've been confident in our ability to bid for Pentest engagements no matter the scenario, environment or requirement - they've made the whole process of scoping, quoting, and delivering (on time and on budget) seamless.

    Read More  
  • Ian W.
    • Ian W.
    • Security Sales Specialist

    They shared the results with us in a management report. We discussed all the findings and how we could fix them in meetings, and they also provided us with optional solutions. They did everything remotely.

    Read More  
  • Anonymous
    • Anonymous
    • IT Infrastructure Manager

    The team worked quickly to identify any issues, write up reports, and offer recommendations. Their friendliness set them apart and made them more of a partner than merely a service provider.

    Read More  
  • Anonymous
    • Anonymous
    • IT Director

    Thanks to Packetlabs Ltd.'s excellent cybersecurity efforts, the company was able to resolve its vulnerabilities and establish its secure VPN tunnel. Their responsiveness and diligence were hallmarks of their work.

    Read More  
  • Anonymous
    • Anonymous
    • Manager

    After performing extensive tests, Packetlabs Ltd. produced a thorough report that explained any potential security flaws. Accommodating schedule changes, the team supported effective collaboration.

    Read More  
  • Anonymous
    • Anonymous
    • Project Manager, ECEBC

    Packetlabs Ltd. successfully identified new and preexisting issues, making it easy for the client to resolve them. The team often went above and beyond to explore issues further and provide valuable information for the client.

    Read More  
  • Anonymous
    • Anonymous
    • Sr Director Technology

    From the first phone call to the tech interview and progress updates, they have demonstrated a complete understanding of our needs, are very proactive and responsive, and have clear communication.

    Read More  
  • Anonymous
    • Anonymous
    • Small Business Owner

    Packetlabs Ltd. delivered exactly as requested, meeting the objectives of the project. Not only was the team able to complete the analysis quickly, but they were also open and honest throughout the entire process.

    Read More  
  • Anonymous
    • Anonymous
    • VP Engineering & Founder

Infrastructure Penetration Testing Service Highlights

  • MITRE Attack Framework icon

    Network Security

    Check for legacy network protocols that are used by attackers to pivot and elevate privileges

  • Service highlights icon for Develop and integrate technology solutions to facilitate SAST/DAST

    System Configuration

    Identify gaps in your golden images to allow for further hardening

  • Service highlight icons for Draft and share Application Security Testing report with recommendation GO/NO-GO

    OS and Third Party Patching

    Check for gaps in your vulnerability management program

  • Service highlight icon for client-side protection

    Client-Side Protection

    Uncover exposed data and establish the level of accessibility to key data on the network

  • Service highlight icon for Authentication


    Identify weaknesses in passwords used across systems

  • Service highlight icons for Database security

    Data Security

    Uncover the actual impact of risks and identify all pathways to your critical assets and data

Infrastructure Penetration Testing

  • Infrastructure Penetration Testing
  • Objective-Based Penetration Testing
  • Thorough Foundational Assessment of Networks and Systems

  • Network Security

  • System Hardening

  • OS and Third-Party Patching

  • Authentication Attacks

  • Cryptography Attacks

  • Email Phishing

  • Ransomware Assessment

  • Active Directory Bloodhound Assessment

  • Active Directory Password Audit

  • Antivirus Bypass

  • Adversary Simulation

  • Physical Security Attacks

  • Social Engineering (Phone/ In-person)

Download Resources

  • All
  • Methodology & Sample Reports
  • Guides
  • Penetration Testing Methodology Cover
  • block image
  • block image

Frequently Asked Questions - Infrastructure

  • What is the difference between a depth-based penetration test and a coverage-based penetration test?

    Unlike depth-based penetration testing, coverage-based penetration testing has a broader, “let’s keep looking” focus. With this approach, testers look for multiple ways to compromise an environment and exploit its vulnerabilities. In fact, they look for as many ways in, not just the easy ones, and don’t simply stop after the first exploit. Depth-based, in contrast, focuses on finding the path of least resistance, or the easiest way in. This is the path attackers will often take, but it doesn’t consider that there are multiple other ways, which may be a little bit more challenging to exploit.

  • What does my organization gain from security testing its infrastructure?

    The simple answer is reassurance. Our team of consultants will ensure that we have done everything possible to evaluate the security defenses you have in place at your organization. It is impossible to assess how well an organization’s defensive measures are working, unless they have been tested to react the way a vendor has claimed they are intended to perform. Many of our clients have discovered that their defensive 24/7 Security Operations Centre awareness teams failed at discovering an intruder in a timely manner, or fail to identify a breach of security. In addition, many Anti-Virus and Intrusion Detection System frameworks have failed at detecting malware.

    Unfortunately, other clients called us only after they experienced a breach. At that point, the damage had already been done, which lead to a forensic assessment to discover how the breach occurred. By taking a preventive strategy your organization will gain access to our comprehensive reports, which are among the most inclusive in the industry. Our reports detail findings in an easy-to-read layout for executives, but also provide the necessary results, guidelines and suggestions that can help the technical staff mitigate the exploitable vulnerabilities found going forward. This allows management to share results with all organizational stakeholders involved to address the weaknesses in all related operations, and to help focus on the costs needed for investing in securing your entire IT architecture.

  • What is the difference between internal and external security infrastructure testing?

    Both of these areas of assessment focus on different assumptions and attack surfaces. External infrastructure testing is concerned with what services, protocols, and applications are being exposed to the internet, e.g. web servers, log-in portals. These systems are considered the most vulnerable, as the constant bombardment of attacks from external threat actors create a high level of risk to all exposed areas. The systems that are exposed must have impeccable configurations focusing on hardening techniques, leaving no room for error, and must also be concerned with denial of service attacks.

    The assumption with Internal infrastructure testing is that external threat actors have already penetrated external defenses to find a way inside or the threat is being sourced from an internal actor, which some consider a company’s greatest threat, or a vendor that has already been authorized for access. The primary focus areas for this type of testing are lateral movement and privilege escalation. The goal of this type of testing is to identify how difficult it is for an internal attacker to move around the internal network and to discover what type of sensitive data may be obtained in the process. This is also an effective way to test the awareness of the defensive team by identifying how quickly it takes for a defensive team to discover the presence of an intruder and if they were able to isolate how the intruder gained entry.

  • Why perform security testing on infrastructure already protected by a firewall?

    From our experience, we have found that intruders continuously find the weakest link and utilize the path of least resistance to enter an organization’s network. This path circumvents a firewall’s configuration and implementation. The purpose of a firewall is to only allow specified traffic in or out as authorized – but if an attacker can hide within permitted traffic, they can undoubtedly use it to enter and exit as required. Common examples can include utilizing web, DNS, or email traffic to keep from being discovered. In most cases, the common weakest link in organizations are the staff that fall victim to phishing-based attacks that can be used to gain a foothold into the internal network that may lead to an intruder exploring sensitive assets.

  • Is it necessary to plant a device within the test network so you can have access? Why can’t you just “hack in”?

    Depending on the scope and size of the engagement, most security testing engagements fall between the range of weeks to months. In that time, the assessment of the network infrastructure involves testing all assets in scope, which can include a large number of services, applications and protocols being used by those assets. Given the budget of the client, time restrictions, and scope of allowable testing rules, in most cases the time and budget spent would be better utilized on the actual testing of the assets. Our team of consultants can spend the entire allocated time and budget on trying to bypass external defense mechanisms or create a sophisticated phishing campaign (as is done in objective-based penetration testing) until we gain entry, but by that time the budget may be well spent, leaving little opportunity for the actual security assessment. As such, in most situations, providing our consultants with VPN credentials or planting a device inside the network to ensure the network infrastructure can be thoroughly tested in its entirety will provide the most value.

  • Should the security testing be performed in production or pre-production environments?

    The advantage of performing security testing in production environments is that it allows the testing to be conducted within the actual network conditions using the latest developments the staff has configured. This also helps to discover how attacking certain parts of a network or individual systems may affect other areas of the architecture. In many of our engagements, we have found that there are multiple ways to successfully infiltrate a network or laterally move within a network based on how well the services were connected with each other. By performing a test in a production environment, these paths can be explored and provide a level of insight not possible in situations where pre-production isolated systems exist.

    One of the small, possible disadvantages to full production environmental testing is that live systems may experience interference during normal operations. In most cases, this interference is minimal and is usually not even detected, but capturing relevant data can be absolutely critical to the result outcome. If special circumstances exist where these systems are inherently sensitive, it is possible to perform testing in pre-production environments. The difference being that the consultant would not have the opportunity to evaluate how the regular services accessed by this system would typically run for the organization’s users, customers or vendors. The pre-production test would simply focus on assessing the pre-production infrastructure integrity on its own.

  • Is it best practice to make our security operations team aware of the penetration test?

    If the intention of the test is to evaluate the ability of the defensive team, then it may be in the best interest of the organization to limit the knowledge of the testing. If the security team is aware of the testing well in advance, we find most teams will spend their time days in advance updating all operating systems and applications, and even disabling some services that are being used on a regular basis to avoid the chance of the test results being detrimental to their work performance. This may sway the outcome of testing results and not provide an accurate representation of your architecture, while also not providing the full value of the test. A typical attacker has the option to attack your networks on their schedules, waiting patiently until they feel you are the most vulnerable, not when you are the most prepared. If the intention is to work with the organization’s security team to identify and mitigate findings in real time, then it’s beneficial to have the team aware of our presence and we recommend sending start and stop notifications to all relevant parties so they’re aware of any interruption to services.

  • What type of methodology is used for infrastructure security testing?

    Our consultants are trained to follow our own specialized security testing methodology based on industry standards primarily aligned with NIST SP800-115 to ensure compliance with most regulatory requirements, but are also fine-tuned to fulfill the needs of each individual client’s security concerns. The reason for this organizational-specific testing methodology is to create an effective attack plan that produces data results that are valuable, but also have a high-level of validity associated with them. False-positive results are a waste of time for everyone involved. Our consultants take the time to create POCs (proof of concepts) that are easy to understand and follow, but also show exactly how we came to the results, so our clients can use this information to mitigate the vulnerabilities and create a more secure infrastructure.

    An example of a security testing process used in our infrastructure testing includes:

    Information Gathering

    During this stage, our consultants will take the time to do reconnaissance on your organization to discover every possible detail that can be utilized. This can include online services, exposed portal systems, published documents, social media, identifying valid employee accounts and more. Collecting this information can be used to help create a custom phishing attack as most attackers will use this information to boost their attack efforts.

    Discovery and Vulnerability Scanning

    Next, a comprehensive manual and automated testing process will occur utilizing various commercial automated scanning tools & technologies while combining manual custom vulnerability testing techniques to identify, fingerprint and validate findings. Multiple attack areas and vulnerabilities will be evaluated in the stage. Our consultants are not satisfied until every potential attack path has been considered.


    Once the vulnerabilities have been identified, the consultant will utilize this opportunity to exploit them. This requires the testing team to creatively circumvent defensive measures that may try to prevent the exploitation from being successful (e.g. Anti-virus). Our consultant will test the areas of confidentiality, integrity, and in some cases, availability to verify that the vulnerability is actually exploitable. Attempts to escalate privileges, gain unauthorized access, and laterally move across the network will be explored.


    After all the results and data have been collected, our team will create an industry-leading comprehensive report that is custom tailored to our clients. The report contains an executive summary with a high-level overview of the critical issues identified, the methodologies we used to conduct the test, the scope of the assessment, a technical finding section that describes each of the findings, with steps to reproduce, evidence where required, and steps on how to remediate the vulnerability. Finally, the report is concluded with a unique list of strategic and tactical security recommendations, and appendices are included when necessary.

  • What is the best way to prepare for infrastructure security testing?

    In most situations, our clients choose to identify a list of assets they want our consultants to focus on within the scope of the engagement. After the client has established this, they would simply contact our team to set up a meeting to go over the details. In more specific objective-based security testing, clients establish various goals they would like accomplished to verify whether it was possible for a potential attacker to complete a similar task such as extracting financial records or other sensitive information.

    As a penetration company, our team of highly-skilled security consultants customize every engagement by adjusting our focus to fit the client’s needs. We understand that no one client’s architecture or application fits into a predefined box and requires an adaptive testing methodology to develop a solution that works best for your organization. Our consultants are proficient at adapting to our clients’ environments and have familiarity with a variety of tools, services and targets.

    A penetration test is an excellent strategy to evaluate the safeguards and controls of your organization’s information management systems, by allowing us to identify vulnerabilities and technical flaws in your security architecture. At Packetlabs, our first priority is to locate and mitigate our clients’ security vulnerabilities before they are potentially exploited.

Explore more questions


  • wind turbines green energy
  • Person scanning on a screen
  • yellow construction crane on a red background

Ready to get started?

There's simply no room for a compromise. We’re here to help. Our team works with yours to ensure you reach your full security potential.