This case outlines how iT.eam conducted a comprehensive internal and external pentesting project for a European organization with high cybersecurity maturity, addressing both technical demands and industry compliance requirements.
With the increasing complexity of hybrid environments (corporate and industrial), ensuring cyber resilience requires more than just tools: it demands strategy, precision, and specialized execution. Here is how we carried out the project.
Challenges
From a business standpoint, the main challenge was clear: ensure that the organization’s infrastructure — composed of both corporate and OT (Operational Technology) environments — was prepared to withstand real-world threats, with a focus on continuous improvement and control validation.
On the technical side, the project involved:
- Highly segmented environments
- Critical equipment (such as industrial PLCs)
- Integration between distinct domains
- The need for simultaneous and coordinated testing across multiple attack vectors
Methodology and frameworks applied
To ensure a structured approach with industry best practices, we applied internationally recognized methodologies:
- PTES (Penetration Testing Execution Standard)
- OWASP Top Ten
- OSSTMM (Open Source Security Testing Methodology Manual)
- NIST SP 800-115
- TIBER-EU
- DORA (Digital Operational Resilience Act)
- PCI DSS
These frameworks guided all phases of the project — from planning to retesting — with a focus on technical value, traceability, and strategic alignment.
Pentest phases
At iT.eam, we follow a structured process based on the best practices defined in the frameworks mentioned above. In this project, we conducted the following phases:
- Pre-engagement: defining scope, objectives, constraints, and schedule with the client
- Information gathering: mapping assets, subdomains, topologies, and exposed services
- Threat modeling: identifying realistic attack scenarios based on the organization’s profile and sector threats
- Vulnerability analysis: automated scanning combined with manual validation of findings
- Exploitation: controlled exploitation to validate impact and risk
- Post-exploitation: lateral movement, persistence, and simulated data exfiltration
- Technical report: delivery of a document with evidence, criticality-based prioritization, and actionable recommendations
- Retesting: validation of corrections implemented by the client’s internal team
Tools used
We combined cutting-edge tools with manual analysis to ensure full coverage and accurate results. Key resources included:
- Nmap: network scanning for hosts, ports, and services
- Amass & theHarvester: public information gathering and external asset mapping
- Burp Suite & SQLMap: web application exploitation and code injection testing
- Hydra & Hashcat: brute-force attacks and hash cracking
- BloodHound: mapping relationships and privilege paths in Active Directory to support lateral movement planning
- Mimikatz: credential extraction from system memory, allowing reuse of NTLM hashes for lateral movement with psexec
- Customized C2: custom command and control infrastructure for executing specific payloads with advanced evasion and traceability
- Joplin (self-hosted): secure evidence storage with encryption and SIEM log integration
Key vulnerabilities identified
During the analysis, we identified vulnerabilities of varying criticality levels, including:
- Failures in authentication and access segregation
- Presence of outdated or poorly managed software
- Possibility of lateral movement within the environment
- Insecure configurations in industrial assets
All findings were manually validated and documented with practical evidence, always respecting the boundaries agreed upon with the client.
Team approach
The project was conducted over three weeks and involved a strategic division of the team:
- One team focused on external testing, targeting internet-facing assets
- Another team dedicated to internal testing, covering corporate subnets, industrial controllers (PLCs), and workstations
To support all phases, we used a robust set of tools such as Nmap, Burp Suite, SQLMap, Hashcat, Hydra, and Joplin — all within a secure and self-hosted environment.
Observed benefits
iT.eam’s work enabled the organization to:
- Strengthen security controls in critical environments
- Fix relevant flaws before real incidents could occur
- Gain technical clarity to prioritize mitigation actions
- Validate the effectiveness of corrective measures with supervised retesting
- Meet security and compliance requirements set by the industry
Testimonial
“Carrying out the internal and external pentesting project at [name of the company] was an extremely enriching experience for our team. The company demonstrated a mature approach to information security, and its corporate infrastructure — robust and highly segmented — presented technical challenges worthy of a benchmark environment in its sector. Even so, we were able to successfully conduct the tests, achieving the proposed objectives in both external and internal analyses, always focused on delivering value and continuously improving the organization’s security posture.”
Conclusion
The coordinated and precise execution of the pentest led to tangible improvements in the organization’s security posture, with validated technical evidence and a focus on operational continuity.
At iT.eam, we carry out all types of pentests. In addition to internal and external testing, we also perform mobile, wireless, API, network, social engineering, and web application pentests.
Whether in BlackBox, GrayBox, or WhiteBox mode, our intrusion tests follow a customized approach. We combine international methodologies with the expertise of a highly qualified and certified team (OSCP, CEH, CompTIA, and more).
Our process goes far beyond identifying vulnerabilities. We deliver clear and prioritized reports, support remediation with validated retesting, and provide consultative guidance from start to finish.
Each project is tailored to the client’s environment, with a strong focus on agility, technical quality, and confidentiality.
Want to assess the maturity level of your infrastructure? Learn more about our pentest service!



