Conducting an Internal and External Pentest is one of the most effective ways to assess an organization’s cybersecurity maturity. These tests identify concrete risks — especially when the environment is restricted, critical, and provides little technical information at the outset. 

In this project, we joined forces with Vallem, a cybersecurity company based in the Netherlands, to test the security of a European organization under real-world conditions. All of this with a tight scope and timeline. 

The goal was to test the resilience of a hybrid infrastructure — including both corporate networks and operational technology (OT) — with agility and precision. The technical execution followed consolidated methodologies, combining multi-vector exploration, clear communication, and action-oriented deliverables. 

The result: critical vulnerabilities identified, a successful compromise simulation, and technical outputs that accelerated the client’s decision-making process. 

In this case study, you’ll explore the full journey — from scoping to final report — and see how the combination of method, collaboration, and hands-on experience ensured a solid outcome despite initial constraints. 

Keep reading to explore the challenges overcome, the technical approach applied, and the results achieved through an internal and external Pentest conducted with precision and impact! 

Executing an Internal and External Pentest with a limited scope: the main challenges overcome 

Every Pentest starts with a crucial step: defining the technical scope. In this project, that process required extra attention, since the initial information provided by the client was limited and lacked detail about the target infrastructure. 

Even in this scenario, iT.eam led the technical execution by structuring a realistic approach focused on tangible risks. The partnership with Vallem — which served as a strategic interface with the client — was essential to ensure project fluidity, respecting constraints while maintaining a clear focus on business impact. 

Another major challenge was the timeline: the client expected fast results, with a tight schedule for testing and delivery. This required organization, experience, and agile communication between all parties, ensuring smooth execution despite technical and time limitations. 

Methodology and frameworks in the Internal and External Pentest conducted by iT.eam and Vallem 

To ensure the precision and depth of the testing process, we applied a set of internationally recognized frameworks. The methodological approach was adapted to the project’s context, prioritizing the most relevant business risks — even with limitations in the initial technical scope. 

The frameworks applied included: 

  • PTES (Penetration Testing Execution Standard) 
  • OWASP Top Ten 
  • PCI DSS 
  • TIBER-EU 
  • DORA 
  • OSSTMM 
  • NIST SP 800-115 

The combination of these frameworks enabled a technically robust assessment, focused on real-world exploitation scenarios and delivering practical outcomes for the client. 

Pentest phases 

The structure of the project followed the key stages of a standard Pentest, as outlined below: 

  • Pre-engagement: Joint definition of scope, objectives, limitations, and timeline, based on PTES and NIST guidelines. 
  • Information gathering (Reconnaissance): Mapping of domains, subdomains, applications, IP blocks, and topologies using a combination of passive and active techniques. 
  • Threat modeling: Identification of threat agents and likely attack paths, based on TIBER-EU and MITRE ATT&CK, considering the organization’s profile and industry context. 
  • Vulnerability analysis: Systematic scanning of assets using automated tools combined with manual validation, prioritizing real risks and technical context. 
  • Exploitation: Controlled testing of identified vulnerabilities to validate criticality through practical evidence of unauthorized access or privilege escalation. 
  • Post-exploitation: Lateral movement, persistence, and data exfiltration simulation, always respecting the boundaries defined during the pre-engagement phase. 
  • Technical report: Clear documentation of vulnerabilities, including evidence, impact analysis, and prioritized recommendations in line with NIST SP 800-115. 
  • Retesting: Final verification of applied corrections, ensuring that identified vulnerabilities were effectively addressed and measurable improvements achieved. 

Main approaches and resources used 

Throughout the Pentest execution, we used specialized tools for each phase of the process — from information gathering to evidence documentation. Below are the main resources applied in the project, organized by functionality: 

Reconnaissance and Enumeration 

The reconnaissance process followed a hybrid approach, combining passive (OSINT) and active techniques. We used various open sources, proprietary resources, and specialized tools to map the target environment with maximum discretion and efficiency. This phase included: 

  • Collection and correlation of domains, subdomains, emails, and exposed services 
  • Analysis of attack surfaces exposed on the internet 
  • Identification of data leaks related to the organization or its assets 
  • Enumeration of services and operating systems with cross-validation 
  • Assessment of technologies used in web applications 

Exploitation and web application assessments 

In the exploitation phase, techniques and tools were used to detect and validate real vulnerabilities, focusing on practical impact and business risk. This included: 

  • Identification of flaws in web applications, such as authentication issues, data exposure, and remote code execution 
  • Evaluation of specific applications (such as CMSs and internal portals), using targeted plugins and dorks 
  • Manual and automated testing with different tools for broad coverage 

Internal mapping and access to critical hosts 

The internal phase of the project focused on detailed mapping of hosts and services exposed in the corporate network, aiming to identify viable exploitation paths. Based on the visibility obtained, technical routes were traced to reach sensitive assets with high operational impact. 

Key activities included: 

  • Discovery of internal assets and services through scanning and fingerprinting techniques 
  • Identification of vulnerable configurations, exposed services, and common flaws in legacy systems 
  • Exploitation of vectors that enabled remote code execution (RCE) and privilege escalation 
  • Access to critical network hosts, demonstrating real compromise scenarios and potential impact on the organization’s environment 

Documentation and evidence 

Throughout the process, evidence was continuously collected and stored in a self-hosted solution, with applied encryption and access restricted exclusively to Red Team members — ensuring full confidentiality. Documentation focused on clarity and consistency, facilitating impact analysis and prioritization of remediation actions. 

Speed, communication, and coordination: how the partnership enabled an effective Pentest 

Despite a restricted technical scope and tight deadlines, the Pentest execution was fluid, technically sound, and highly coordinated between the iT.eam and Vallem teams. 

From the pre-engagement phase, direct and agile communication between teams was essential to structuring the test with a focus on real risks — even without a complete technical overview of the environment. 

Collaboration between experts, combining technical knowledge with strategic insight, was one of the highlights of the project. Additionally, the structure of the technical report and the clarity of evidence presentation helped facilitate communication with the end client, leading to quicker approval of fixes and prioritization of mitigation efforts. 

Results achieved through the Internal and External Pentest 

Despite the limited initial scope and need for rapid execution, the Internal and External Pentest revealed critical flaws that could have compromised the entire organization if exploited by malicious actors. 

The iT.eam team successfully simulated a full attack chain, demonstrating real-world risk through solid technical evidence. The clear presentation of findings — with risk ratings aligned to the client’s operational reality — enabled more effective prioritization of corrective measures. 

In addition, the technical report offered value beyond documentation. It supported Vallem’s discussions with the client’s team, making it easier to communicate and gain approval for the recommended security improvements. 

Finally, the retesting cycle validated the effectiveness of the applied fixes. This ensured that the identified vulnerabilities were properly addressed — resulting in a stronger and verifiable security posture. 

What Vallem and iT.eam say about the project 

Testimonial – Vallem  

“Before we began the Pentest, iT.eam took the time to discuss the scope and risks with us. Even without a clear prior view of the environment, they were able to identify realistic risks and define an appropriate scope. During testing, communication was excellent, and even minor technical issues were resolved quickly thanks to the team’s expertise. The final report was clear, actionable, and aligned with the organization’s reality — which made it easier to get fast approval for the necessary improvements. In short, a high-quality delivery with agility and impeccable presentation.” 

Bjorn Overbeek, Vallem Security, highlights the strategic partnership with iT.eam and the outcomes of the Internal and External Pentest in a critical infrastructure

 

 

Testimonial – iT.eam 

“Participating in this security assessment was an intense and rewarding experience. From the beginning, it was clear that we were dealing with a technically advanced environment, with well-defined controls and a complex architecture. This led us to rethink traditional strategies and adopt unconventional approaches to identify failure points and gain access to internal systems. The project required a high level of critical analysis and teamwork to adapt methodologies and achieve the expected outcomes — always focused on generating real value for the organization.” 

Renner Martins, Red Team Operator at iT.eam, shares technical insights from the Internal and External Pentest carried out with Vallem in a European organization

Why choose iT.eam for Internal and External Pentest projects 

At iT.eam, we treat each project as unique — applying a solid methodology, collaborative execution, and full focus on real risks. Our approach goes beyond technical testing: we connect vulnerabilities to concrete business impact and deliver actionable evidence for strategic decision-making. 

We rely on an experienced, certified team prepared to operate across diverse environments — from corporate networks to industrial infrastructures — always with precision, confidentiality, and accountability. 

If your organization needs to test its resilience with depth, intelligence, and practical insight, talk to iT.eam. Our team is ready to turn Pentest into a strategic asset for your cybersecurity posture. Get in touch with our team!