Home / Services / Network Penetration Testing
Infrastructure Security

Identify exploitable weaknesses in your network.

Our CREST-certified consultants conduct internal and external network penetration tests that go beyond automated scanning, delivering real-world attack simulations and actionable remediation guidance.

Get in Touch View Our Methodology
What we offer

Network security, tested thoroughly.

Internal Network Testing

Assess your internal attack surface: domain infrastructure, network services, lateral movement paths, privilege escalation opportunities, and Active Directory weaknesses.

External Network Testing

Attack your perimeter from the outside: internet-facing services, firewall rules, exposed ports, and boundary device vulnerabilities. Can be paired with social engineering to simulate a realistic external attack scenario.

CREST Certified

Every engagement is delivered by CREST-registered testers, with findings mapped to CVE, CVSS scores, and actionable remediation steps.

Scope

Areas we can test.

Infrastructure & Active Directory
Servers, workstations, network devices, Active Directory environments, and interconnected multi-site infrastructure.
Password & Credential Auditing
Active Directory password policy assessment, credential dumping, weak and reused password identification, and Kerberos ticket attacks.
Network Services & Protocols
SMB, RDP, SSH, FTP, SNMP, and other exposed services assessed for default credentials, misconfigurations and known CVEs.
VPN & Remote Access
VPN configurations, split-tunnelling risks, and authentication bypass opportunities.
Vulnerability Scanning & Validation
Automated scanning followed by manual validation to eliminate false positives and identify exploitable chains.
Lateral Movement Paths
Identifying routes through the network that an attacker could use to escalate access to critical systems.
How we work

Our methodology.

Step 01

Scoping & Pre-engagement

Define scope, objectives, timelines, rules of engagement, and communication protocols with your team.

Step 02

Reconnaissance & Threat Modelling

Passive and active intelligence gathering to map your attack surface, followed by prioritisation of targets by business value and likely attack paths.

Step 03

Testing & Exploitation

Identify and validate vulnerabilities through manual and automated testing, followed by targeted exploitation to prove risk and assess business impact.

Step 04

Reporting & Remediation

Detailed reporting of all findings with evidence, risk ratings, and clear remediation steps, followed by a debrief to walk through priorities.

What you receive

Your deliverables.

01

Penetration Test Report

A single report covering executive summary, technical findings with CVE references and CVSS scores, evidence screenshots, and prioritised remediation guidance.

02

Findings Debrief

A walkthrough of the results with your technical team, covering key findings, risk context, and remediation priorities, with time for questions.

03

Ongoing Support

Post-engagement support from the Illume team to answer questions about findings and remediation guidance.

FAQ

Frequently asked questions.

What does a network penetration test include?
A network penetration test assesses your internal and external infrastructure for exploitable vulnerabilities. This includes testing machines, servers, Active Directory and domain infrastructure, firewalls, routers, VPNs, and network services such as SMB, RDP, and SSH. Our testers simulate real-world attack techniques by chaining vulnerabilities together to form attack paths, providing additional context on the risk to your organisation.
How long does a network penetration test take?
The duration depends on the environment being tested. Factors such as the number of offices, networks, machines, servers, and employees in your organisation are all considered during scoping. A small office network will require fewer days than a large enterprise with multiple sites and complex Active Directory environments. We agree the exact duration during scoping so you receive a fixed-price proposal before any work begins.
What is the difference between internal and external penetration testing?
External testing assesses your internet-facing infrastructure, including firewalls, VPN gateways, and public-facing services, simulating an attacker with no prior access. Internal testing simulates a threat actor who has already gained a foothold inside your network, such as a compromised employee device or a malicious insider, and attempts to escalate privileges and move laterally. Most organisations benefit from both.
For internal testing, do your testers need to attend our premises, or can it be conducted remotely?
Internal penetration testing can be performed remotely, either by shipping a preconfigured testing device to your office which plugs directly into your network, or by deploying a virtual machine on your existing infrastructure that our testers connect to securely. Both options provide the same depth of assessment as an on-site engagement. If you would prefer our testers to attend your premises in person, on-site testing can also be arranged on request.
How often should we have a network penetration test?
Industry best practice is to conduct a network penetration test at least annually, and after any significant infrastructure changes such as new office locations, cloud migrations, or major network reconfigurations. However, as new vulnerabilities and attack techniques are discovered at an increasing rate, many organisations choose to test more frequently. Regular internal testing in particular helps identify emerging risks such as newly exploitable services, credential weaknesses, and changes to Active Directory that may have introduced unintended exposure.
Get Started

Ready to test your network security?

Speak to a CREST-certified consultant. We'll scope your engagement and provide a fixed-price proposal, with no obligation.

Get in Touch