Skip to main content
Network Penetration Testing Methodology Hero
Each and every network penetration test is conducted consistently using globally accepted and industry-standard frameworks. At a minimum, the underlying framework is based on the Penetration Testing Execution Standard (PTES) but goes beyond the initial framework itself.

RedTeam Security's Network Penetration Methodology

RedTeam Security's network penetration testing methodology is based on the Penetration Testing Execution Standard (PTES) framework and combines the results from industry-leading testing tools with manual testing to enumerate and validate security vulnerabilities, find attack vectors, configuration errors, and business logic flaws. While automated tools check for known vulnerabilities, they are incapable of assessing real business risk or determining the extent of the possible exploitation. Our network security testing helps you improve your security posture by lowering the risk of unauthorized access and sensitive data breaches, improving productivity, protecting your brand from cyber attacks, and maximizing the ROI from your network devices.

While automated testing enables efficiency, it is effective in providing efficiency only during the initial phases of a penetration test. At RedTeam Security, it is our belief that an effective and comprehensive network pen test can only be realized through rigorous manual testing techniques.

RedTeam Security's penetration testing methodology assesses the targeted Internet-facing and internal systems using a multi-layered approach: Information Gathering, Threat Modeling, Vulnerability Analysis, Exploitation and Reporting.

Before beginning the network pen test security assessment, the pre-engagement phase begins. During the pre-engagement phase, RedTeam Security will collect details required to execute and kick off the project. The data elements collected during this step include: testing windows, testing dates, IP addresses, along with other relevant information. This phase is crucial as it establishes the overall rules of engagement for the network security assessment.

Using the information gathered for the kick-off meeting, RedTeam Security confirms the necessary details to ensure the assessment is executed efficiently, effectively and in accordance with the overall objectives.

Information Gathering

The information-gathering phase of our network pen testing methodology starts the process.  Information-gathering consists of Google search engine reconnaissance, server fingerprinting, network enumeration, and more. Information gathering efforts result in a compiled list of metadata and raw output with the goal of obtaining as much information about the network's makeup as possible. Reconnaissance includes initial device footprinting, service enumeration, and operating system and application fingerprinting. The purpose of this step is to collectively map the in-scope environment and prepare for identified vulnerabilities.

During the Information Gathering phase, RedTeam Security will:

  • Use discovery tools to passively uncover information about the network
  • Perform network fingerprinting and enumeration in order to identify components, devices, operating systems, etc.
  • Actively scan for available services and vulnerabilities and develop a test plan for latter phases in the security assessment

Threat Modeling

With the information collected from the previous step, security testing transitions to identifying vulnerabilities in the network. This typically begins with automated scans initially but quickly morphs into manual testing techniques using more pointed and direct tools. During the threat-modeling step, assets are identified and categorized into threat categories. These may involve sensitive information, trade secrets, financial documents, etc.

During this phase, RedTeam Security penetration testers will:

  • Use open-source, commercial, and internally developed tools to identify and confirm well-known vulnerabilities
  • Spider the in-scope network device(s) to effectively build a map of each of the operating systems, open ports and services, and areas of interest
  • Use discovered sections, features, and capabilities to establish threat categories to be used for more manual/rigorous testing (i.e., default admin credentials, session hijacking, known vulnerabilities in out-of-date components)
  • Build the network's threat model using the information gathered in this and the previous phase to be used as a plan of attack for later phases of the assessment
  • Upload vulnerability information to the customer portal for those vulnerabilities that exist but will not be exploited due to time constraints or risk to devices

Vulnerability Analysis

The vulnerability analysis phase involves the documenting and analysis of vulnerabilities discovered as a result of the previous network penetration testing steps. This includes the analysis of out from the various security tools and manual testing techniques. At this point, a list of attractive vulnerabilities, suspicious services, and items worth researching further has been created and weighted for further analysis. In essence, the plan of attack is developed here.


Unlike a vulnerability assessment, a network penetration test takes such a test quite a bit further specifically by way of exploitation. Exploitation involves actually carrying out the vulnerability's exploit (i.e., buffer overflow) in an effort to be certain if the vulnerability is truly exploitable.

During the Exploitation phase of a penetration test, RedTeam Security's pen testers will attempt to gain access to the devices, networks, or applications through the bypassing of firewalls and other security controls and by the exploitation of vulnerabilities in order to determine their actual real-world risk. Throughout this step, we perform several manual tests simulating real-world attacks that are incapable of being performed through automated means. This phase of a RedTeam Security penetration test consists of heavy manual testing tactics and is often the most time-intensive phase.

Exploitation may include but is not limited to credential harvesting/guessing, network sniffing, leveraging known vulnerabilities in outdated software.

As part of the Exploitation phase, RedTeam Security will:

  • Attempt to manually exploit the security issues identified in the previous phase to determine the level of risk and level of exploitation possible
  • Capture and log evidence to provide proof of exploitation (images, screenshots, configs, etc.)
  • Notify the client of any Critical findings upon discovery by telephone and email
  • Upload validated exploits and their corresponding evidence/information to the project portal for client review


The reporting step is intended to compile, document, and risk rate findings and generate a clear and actionable report, complete with evidence, for the project stakeholders. The report is delivered via the RedTeam Security's portal.  A presentation or review of findings can occur via virtual meeting if requested. At RedTeam Security, we consider this phase to be the most important and we take great care to ensure we've communicated the value of our service and findings thoroughly.


In order to perform a comprehensive real-world assessment, RedTeam Security utilizes commercial tools, internally developed tools, and some of the same tools that hackers use on each and every assessment. Once again, our intent is to assess systems by simulating a real-world attack and we leverage the many tools at our disposal to effectively carry out that task.  

We make use of tools from the following categories (not a complete list):

  • Commercial tools (i.e.: Nessus, AppScan, Nexpose)
  • Hacker tools (i.e.: Kali Linux, nmap, Metasploit)
  • RedTeam Security's developed tools

Free Retesting of Remediated Findings

Along with detailed descriptions and screenshots of vulnerabilities and how RedTeam Security's pen testers found them, we provide recommendations based on best practices on how to remediate those vulnerabilities. Our objective is to help fix vulnerabilities, not just find them. As a result, remediation re-testing is always provided at no additional cost. Once you have a chance to remediate those vulnerabilities you feel would best improve your security posture, let us know and we will schedule a retest of those findings and provide you with an updated report.  

RedTeam Security - Here When You Need Us

We consider the reporting phase to mark the beginning of our relationship. RedTeam Security strives to provide the best possible customer experience and service. As a result, our report makes up only a small part of our deliverables. We provide clients with an online remediation knowledge base, dedicated remediation staff, and a ticketing system to close the ever-important gap in the remediation process following the reporting phase. Again, the underlying framework is based on the Penetration Testing Execution Standard (PTES) but RedTeam Security exceeds those standards.

At RedTeam Security, we understand your network's security is an essential piece of maintaining your organization's overall cybersecurity strategy. Network penetration is a detailed method of identifying any potential vulnerabilities. When it comes to your network, we will rigorously test all known exploits and look beyond to identify potential other vulnerabilities. From intelligence gathering to identifying potential vulnerabilities to offering solutions, RedTeam Security is committed to ensuring your network's security is the strongest. To learn more, contact RedTeam Security today at 612-234-7848.

Get a Customized Proposal

Use our Scoping Questionnaire to provide us with the necessary information to put together a proposal for you. Please be as thorough as possible with your responses, as it helps us ensure an accurate and complete proposal.
If you're interested in application penetration testing, you may find this article helpful when formulating your responses: Understanding Application Complexity For Penetration Testing.

If you have any questions, contact us at 612-234-7848 or schedule a meeting. We will follow up promptly once we receive your responses. We look forward to speaking with you soon.

Having trouble viewing the Scoping Questionnaire? Check to see if an ad-blocker is keeping the page from loading properly.

Dedicated Client Portal

Interact in real-time with your RedTeam security professionals on our user-friendly client portal and see firsthand as the team closes in on your company data.

Certified Security Experts

Our trusted security professionals hold certifications from the leading industry organizations, including OSCP, CASS, CPT, CISSP and more.

Research-Focused Approach

We hold industry-leading certifications and dedicate part of every day to research the latest exploit techniques to ensure our clients remain protected from evolving online attacks.

Free Remediation Testing

Once your team addresses remediation recommendations, RedTeam will schedule your retest at no additional charge.