What is analysed
We perform an exhaustive analysis of the internal network and exposed services, identifying real vulnerabilities that an attacker could exploit to compromise the corporate environment.
Areas covered
- Exposed surface: port scanning and enumeration of accessible services
- Network vulnerabilities: outdated services, known CVEs, insecure configurations
- Segmentation: verification of segmentation controls (including PCI-DSS scope)
- Credentials and services: controlled brute-force on services
- Base scope: up to 30 internal IPs + 5 external (expandable)
Depth levels
QUICK SHOT
Service enumeration and known vulnerability detection. Quick first assessment.
STANDARD
Full network and exposed services analysis with prioritised recommendations.
DEEP
Controlled exploitation, lateral movement and pivoting. Maximum environment coverage.
Deliverables
Executive report for management and technical report for the team, both in bilingual PDF (ES/EN), with findings prioritised by impact and remediation guidance.