Network Infrastructure Assessment

A ship survives a hull breach because of its watertight bulkheads: water floods one compartment and stops there. A flat network is a ship with no bulkheads at all, only one big hold where a single breach floods everything. A network built flat and trusting is one in which one modest foothold can quietly become access to the whole estate. Our Breach Impact Assessment studies holistically what a breach could achieve, and what opportunities for privilege escalation an attacker would have. Our Network Infrastructure Assessment focuses on network topology as a key variable that perhaps more than any other determines these opportunities. Your network is the fabric that connects everything, and hence its topology is your first line of defence. Our Network Infrastructure Assessment maps your switches, routers, firewalls, segmentation, and the core services an attacker will immediately try to abuse. This work is especially relevant to ransomware resilience, since the speed and reach of a ransomware operator are determined almost entirely by exactly the lateral-movement and privilege paths afforded to them.

Segmentation And Trust

The first thing to check is if your network has any partitioning. However, our central concern is the presence of real, not nominal, partitioning, so we do far more than simply ask you a checklist of questions about your networks. We aim to directly assess whether VLANs enforce the boundaries they imply, and whether a user subnet can reach servers and interfaces they should never need to touch. We test segmentation practically rather than on paper: from a representative starting point, we attempt to actually reach the systems that are supposed to be unreachable, because a VLAN documented as isolated but routing anyway is worse than no claim of isolation. We test the classic internal attacks - ARP spoofing and man-in-the-middle positioning, VLAN hopping, rogue device insertion - and examine firewall and router rule sets for the permissive any-any rules that accumulate over years.

The Active Directory Attack Surface

Many organisations operate in Windows-centric environments, and in such environments the network and Active Directory are inseparable. Security testing of Active Directory thus has a significant role in our Network Infrastructure Assessment for organisations that rely on it. This includes enumeration of your Active Directory configuration, overviewing credential management, and exploring options for lateral movement. We test for common weaknesses in name resolution and authentication, such as LLMNR and NBT-NS poisoning that yield credentials, SMB signing left unenforced enabling relay attacks, and the Kerberos weaknesses that let an attacker request and crack service-account tickets offline. Beyond individual weaknesses, we map attack paths holistically: the chains of group memberships, delegated permissions, and session footholds that connect an ordinary user to domain dominance, much as graph-based tooling reveals to an attacker. Identifying these paths is often more valuable than any single finding, because it shows you the precise edges to cut.

What You Receive

You receive a clear view of how an attacker would move through your network, prioritised by the severity of where each path leads, with remediation guidance addressing both the immediate findings and the architectural patterns behind them - stated not as "SMB signing is disabled" in the abstract, but as "from a standard user device, this is the route to domain administrator." We can run the assessment as a purely external test of your perimeter, as an internal assessment from a representative network position, or both. For organisations that want this demonstrated end to end from a realistic internal starting point, it sits naturally alongside a Breach Impact Assessment, which carries a single foothold all the way to its objective.