Penetration Testing

Network penetration testing that finds the way in.

Your network is the backbone of the business, and every device, service, and connection is a potential way in. SubRosa's network penetration testing exposes the internal and external weaknesses an attacker would chain together, then hands you a prioritized path to close them.

Internal & external · Infrastructure · Wireless · Cloud access

Network penetration testing, defined

What is network penetration testing?

Network penetration testing is a controlled attack on your network infrastructure, both external (internet-facing) and internal, to find and safely exploit the weaknesses a real attacker would use: unpatched devices, weak configurations, exposed services, and paths for lateral movement. The goal is not a list of scanner output but proof of what an attacker could actually reach, and a clear plan to shut it down.

What we test

External and internal, every layer.

From your internet-facing perimeter to the inside of your network, we test everything an attacker would target.

External network testing

We attack your internet-facing perimeter the way an outside adversary would: exposed services, VPN and remote access, misconfigurations, and known-exploitable vulnerabilities.

Internal network testing

From an assumed-breach position inside the network, we test segmentation, privilege escalation, and lateral movement, showing how far an attacker gets once they are in.

Full infrastructure coverage

Routers, switches, firewalls and IDS/IPS, load balancers, VPN concentrators, DNS and DHCP, and file, mail, and database servers, all tested against real attack techniques.

Actionable reporting & retest

An executive summary, a detailed technical report with reproduction and remediation steps, a prioritized roadmap, and complimentary retesting once you have fixed the findings.

Why SubRosa

Offensive depth, business context.

20+ years breaking in

Two decades of hands-on offensive work across every kind of network, so testing reflects how attackers actually operate rather than a checklist.

Real exploitation, not scans

We safely chain and exploit findings to prove real-world impact and validate your controls, going well beyond automated scanner output.

Prioritized by real risk

Every finding is ranked by the risk it carries and the access it grants, so your team fixes what matters first.

Every finding, tracked to closed.

From report to remediation.

Your network pen test findings land in Sable, prioritized, assigned, and tracked from open to retested, so remediation becomes a managed workflow instead of a PDF that gets forgotten.

Network findings in Sable
Network findingsExternal + internal
  • Critical
    Default creds on VPN gateway
    External
    Open
  • High
    Exposed RDP to the internet
    External
    In progress
  • High
    Kerberoasting to domain admin
    Internal
    Open
  • Medium
    SMB signing not required
    Internal
    Retested
18 findings · 3 criticalPrioritized · assigned

Find the way in before they do.

Book a network penetration test and see exactly what an attacker could reach across your infrastructure, and how to stop them.