In this chapter, we discussed the process of testing a flat and internal network. We discovered that this means we do not have filters or layers that we have to traverse to attack the target. While this is a good thing, we also explained that these machines would have a number of protections in place. We also reviewed the role a vulnerability scanner plays with respect to internal testing; furthermore, we added the credentials to the scan and showed how much more information we can gather from this.

Following the introduction to the different host-based protection, we looked at them in more detail and in some cases, attempted a number of different techniques to bypass the different protections on the host that we might encounter. Specifically, we looked at the host firewall and the UAC settings and their impact on the testing results.

After we looked at the host firewall and UAC, we moved on and briefly looked at the additional endpoint protections that could challenge our testing.

Finally, we closed the chapter by looking at the challenges that the EMET tool might present for our testing and discussed some of the considerations that have to be looked at when attempting to bypass the tool. At the conclusion of this, we showed that we could still leverage the user and gain access to the machine regardless of the protections in place, and this is a good thing for our penetration testing.

This concludes the chapter. You have now reviewed some of the challenges that you might be facing with when you are testing the flat and internal networks. We will next look at the testing methods when evaluating servers and services for weaknesses.