Network penetration testing comes in two flavors that answer two different questions. External testing looks at your perimeter the way an outsider does and asks how they get in. Internal testing assumes someone already has a foothold and asks how far they can go. Both matter, because real attacks rarely stop at the first host.
Your internet-facing surface is bigger than you think: VPNs, mail servers, web apps, forgotten staging boxes, and the service someone exposed for a migration two years ago. External testing maps that surface and probes it for weak entry points, exposed services, and misconfigurations. It is the first thing a real attacker does, so it is the first thing you should test.
Perimeters fall. A phishing email lands, a contractor laptop is compromised, a credential leaks. The question that decides whether that becomes an incident or a breach is what happens next. Assume-breach testing starts the engineer inside the network and measures how far they move: lateral movement, privilege escalation, and the path to your most valuable systems.
Test the perimeter at least annually and after any change to internet-facing systems. Run internal assume-breach testing to validate segmentation and detection, especially before a NIS2 or DORA assessment, both of which care about how you contain and respond to intrusion.
Prevention decides if they get in. Segmentation and detection decide if it matters.