Internal Network, VPC & Cloud

Penetration Testing from the Perspective of a Malicious Insider

Get Started

Guard Against Internal Network Threats

Comprehensive Internal Penetration Testing Services are essential for uncovering critical vulnerabilities within your network that automated scanning tools and a lot of our inexperienced competitors often miss. By investing in thorough, expert-led assessments, the Raxis Strike Team or Raxis Attack Team helps you ensure a robust defense against potential insider threats and sophisticated attacks that could compromise your organization’s most sensitive assets.

Penetration testing the cloud logo, showing a cloud sitting on top of a chip.

Virtual Private Cloud (VPC) Ready

Using a cloud version of Transporter, Raxis offers internal penetration testing for Virtual Private Cloud (VPC) hosted systems on any of the major platforms.

Credit card with numbers indicated.

Targeting Internal Data

Raxis discovers vulnerabilities and attempts to exploit them in order to access sensitive data and systems, simulating insider threats and assessing the effectiveness of access controls.

Penetration testing engineer accessing a linux based system.

Escalate Privileges

The Raxis storyboard shows in detail how our penetration testers gain a foothold and pivot, escalating privileges and access along the way — the same process a disgruntled employee or even a vendor might use.

Penetration testing engineer and the cloud icon on a laptop

Exfiltrate Redacted Data

Once access is obtained, proof that the data potentially could be exfiltrated will be obtained. Redacted screenshots will be used in our storyboard to prove the significance of the attack.

Request a Demo

The Bank Heist

Raxis Hack Stories

All stories are based on real events encountered by Raxis engineers; however, some details have been altered to protect our customers’ identities.

Imagine this: A bustling bank, its employees confident in their security protocols, unaware of the quiet storm brewing. Enter the Raxis Strike Team, armed with permission and a mission to test the unthinkable. After tailgating into a bank property, penetration testers infiltrated a bank employee’s workstation, skillfully uncovering previously used credentials. With surgical precision, they tested these credentials across systems, eventually gaining access to the domain and cracking user password hashes. The result? A treasure trove of credentials that worked seamlessly across employee workstations and the banking system itself.

But we didn’t stop there. In a controlled proof of concept, our team logged in as a teller to initiate a funds transfer and then switched roles to a manager to approve it—all while the bank’s team watched in awe. This wasn’t just a test; it was a masterclass in uncovering vulnerabilities that others might miss. By demonstrating how real-world attackers could exploit overlooked weaknesses, Raxis showcased why our penetration testing is not just thorough but transformative—empowering organizations to fortify their defenses before threats become reality.

Penetration Testing Builds a Stronger Cloud

Amazon Web Services (AWS)

Raxis penetration testing uncovers vulnerabilities in your AWS infrastructure and configuration, ensuring your cloud environment stays secure against real-world attacks.

Microsoft Azure

Our expert-led testing identifies and mitigates risks in your Azure setup, strengthening defenses and maintaining compliance with industry standards.

Google Cloud Platform (GCP)

Raxis simulates sophisticated attacks on your GCP systems, exposing weaknesses before hackers can exploit them.

Hybrid Cloud Solutions

We test across your hybrid cloud environment, providing actionable insights to secure both on-premises and cloud-based assets seamlessly.

Request a Demo

F.A.Q.

Frequently Asked Questions

What is Raxis Internal Penetration Testing?

Raxis offers a range of penetration testing services, including internal penetration testing. This specialized assessment simulates attacks from within your network, uncovering vulnerabilities that could be exploited by malicious insiders or external attackers who have already breached your perimeter defenses.

How does Raxis Internal Penetration Testing differ from automated vulnerability scans?

Unlike automated scans, Raxis Strike employs manual penetration testing against your internal or VPC network by expert engineers to uncover crucial security risks that automated tools cannot detect.

Can I include PCI segmentation testing with a Raxis Internal Network Penetration Test?

Yes, and that is often the most convenient scoping for our customers. The Raxis pentester can often initiate segmentation testing scans and leave them running while working on a manual internal network penetration test. This combined scope can help Raxis do more in less time, saving your team money and helping you work within your organization’s budget.

How long does a Raxis Strike Internal Penetration Test take?

The duration of a Raxis Strike penetration test can range from 3 days to several weeks, depending on the scope of the assessment.

Do I need an Internal Network Penetration Test if I’ve already done an External Penetration Test?

Raxis strongly recommends doing both. An internal penetration test focuses on what an attacker can access and if they can use that access to jump to other critical systems. Is your phone network segmented from your production network? Are there devices that aren’t secure or outdated systems on your network? Any of these issues could allow an attacker to gain access and then pivot to more critical systems. While an external test can tell you if an attacker can get in, an internal network penetration test reveals what they can do once they get inside.

How does Raxis ensure the safety of my systems during testing?

Raxis operates within clear contractual boundaries and has strict policies against damaging or destroying customer property. The goal is to expose vulnerabilities without causing harm. While employing advanced hacking tools inherently carries some risk, our extensive experience and rigorous protocols significantly minimize the potential for system instability or data loss during penetration testing.

What kind of report will I receive after a Raxis Strike assessment?

You’ll receive a detailed report that includes an analysis of your environment, a play-by-play storyboard of the test, screenshots of hacker tool outputs, and a clear remediation plan. Our report is compliant with NIST 800-115, the standard for Penetration Testing reporting accepted by all major compliance standards.

Does Raxis Strike include retesting after vulnerabilities are addressed?

Yes, Raxis can include a retest to validate remediation efforts, which is often required for compliance purposes.

How does Raxis handle cloud environments?

Raxis Strike is fully capable of working with various cloud providers and content delivery networks, including Amazon AWS, Microsoft Azure, Google Cloud, Cloudflare, and Akamai.

How is Raxis different than other penetration testing providers?

Raxis Strike and Raxis Attack leverage our penetration testing team’s collective expertise, fostering collaboration to deliver the most comprehensive and valuable findings for your organization.

How does Raxis Strike collaborate on a penetration test?

For each engagement, a lead engineer oversees the process and conducts the majority of the assessment. When specialized expertise is required for specific targets, our team collaborates to ensure the most thorough and effective penetration test possible.

Does Raxis internal Penetration Testing meet regulatory compliance requirements?

Yes, Raxis Strike and Raxis Attack both meet or exceed requirements for various compliance standards, including NIST 800-171/CMMC, PCI, HIPAA, GLBA, ISO 27001, and SOX.

Request a Demo