Penetration Testing · Full Scope

Full Scope Penetration Testing

End-to-end testing across your entire attack surface — external perimeter through internal network.

What is a Full Scope Penetration Test?

A full-scope penetration test is a comprehensive assessment that combines both external and internal testing methodologies. It evaluates your entire attack surface, starting from public-facing internet assets and progressing deep into the internal corporate network. This end-to-end, project-based evaluation provides a complete picture of your defensive posture, demonstrating how an attacker could breach the perimeter and the subsequent damage they could inflict internally.

What We Test

External Testing

▸OSINT, credential intelligence, and exposed-service enumeration
▸Attacks against login portals (Website, O365, VPN, etc.) and MFA bypassing
▸Third-party data-leak enumeration (S3 buckets, GitHub, etc.)

Internal Testing

▸Active Directory security testing and shared resource enumeration
▸Password, pass-the-hash, Kerberoasting, and ticket attacks
▸Man-in-the-middle attacks (LLMNR/NBT-NS, SMB/LDAP/IPv6 relaying)
▸Pivoting and lateral movement to demonstrate full breach impact

▸Other testing depending on specific customer content and footprint
▸Free remediation re-test included

Frequently Asked Questions

Schedule an Assessment

Full Scope Penetration Testing

What is a Full Scope Penetration Test?

What We Test

External Testing

Internal Testing

Frequently Asked Questions

Why do we need both internal and external testing at the same time?

Does a full-scope test disrupt business operations?

Who typically needs a full-scope test?