Many compromises are performed behind company firewalls on internal networks either by disgruntled employees, or malicious users who have gained access onto the internal network. Most companies do not know what is accessible on their network by just connecting to the network with no username or password and onto their domain. In many cases, domains and full administrator rights can be achieved by simple misconfigurations, bugs or weak access rights.

We essentially connect to your internal network onto a typical user network to replicate what a normal employee would be connected to. However, we would normally not have any credentials onto the network, but use weaknesses in the protocols we observe on the network, traffic we obtain, and vulnerabilities discovered on operating systems, applications and network devices to escalate privileges.