Cybersecurity Services

Infrastructure penetration testing

Infrastructure penetration testing focuses on the security of both the application environment and the supporting infrastructure, including third-party services and applications. The testing is performed with a combination of manual and automated techniques, tailored for the specific environment.

schedule a call

External penetration testing

External penetration testing simulates a persistent outside attacker. We use two different models when conducting external penetration testing:

  • Blackbox penetration testing implies no prior knowledge of the infrastructure, so it is important to conduct adequate intelligence activities to identify potential entry points for the attack;
  • Greybox penetration testing implies that the testing scope is predefined and agreed upon with the Customer, but no details are provided regarding the supporting infrastructure, application architecture, and third-part services and frameworks.

In any case, after the scope is defined, we use the same methodology for both models, covering different types of attacks, misconfiguration, and security flaws.

Internal penetration testing

Internal penetration testing implies that the attacker has either insider access or has successfully breached the perimeter. However, unlike adversary simulation assessments, a complete simulation focusing on stealth, evasion, and lateral movement in the network is not performed as a part of the internal penetration test. Instead, the testing team focuses on identifying as many potential attack vectors and compromise paths as possible, partially giving up attack realism to expand the testing coverage.

Thus, the penetration testing team is provided network access to all segments that need to be tested and basic relevant information about the environment and the segmentation of the infrastructure is tested separately, covering both network and service layers of the infrastructure while being more time-efficient.

Infrastructure penetration testing methodology

Infrastructure penetration testing assessments are very different between customers, but we use a repeatable and reliable structure for our tests. The step-by-step approach ensures consistency in key areas while being flexible enough to account for different attack environments and scenarios.  The infrastructure penetration testing consists of the following steps:

Passive information gathering (optional)

In the case of a BlackBox external penetration test, different OSINT techniques are used in order to identify the potential attack surface.

Active information gathering

Both network and application security scanners are used to map the attack surface and gather information about in-scope applications and services.

Manual vulnerability testing

Scanning results are reviewed and the penetration testing team manually searches for security flaws and misconfigurations that can be potential vulnerabilities.

Vulnerability validation and exploitation

Security flaws vulnerabilities are exploited in order to assess their security risk and potential to be used in a chain.

Building an attack path

The vulnerabilities validated on the previous stage are chained, if possible, to create potential attack paths that can lead to compromise.

Creating a report

After conducting all of our penetration testing activities, we create a comprehensive report describing discovered vulnerabilities and attack paths. Once the report is reviewed, a debrief meeting is scheduled to answer any questions and elaborate on the details in the social engineering report.


Tenendo dedicates most of the project to manual security testing and never fully relies on the output of automatic tools, allowing us to discover vulnerabilities missed by previous contractors or internal vulnerability assessments.

Vulnerabilities that we find are always used to make the attack simulation as accurate as possible by chaining them in a realistic attack scenario. Penetration testing results are never simply a list of vulnerabilities discovered and include complex exploitation chain analysis and scenario execution details, providing an overview of real-world risk for an application or infrastructure.

We also incorporate our red team operations knowledge in infrastructure penetration tests and vulnerability assessments, discovering applicable vulnerabilities, misconfigurations, and security flaws to help harden the infrastructure against attacks that may be out of scope, like social engineering attacks.

Related services:

Post navigation