• External network pen testing (black box) simulates an outsider attack with no internal knowledge specifically targeting public-facing assets like firewalls, web servers and exposed IPs. The goal is to test your perimeter defenses just like a real-world hacker would.
  • Internal network pen testing (gray box) assumes the attacker is already inside and mimics insider threats or post-breach scenarios. It evaluates risks like lateral movement, privilege escalation and access to sensitive systems across the internal environment.
  • Wireless pen testing targets Wi-Fi infrastructure by testing encryption standards (WPA2/WPA3), rogue access points, weak passwords and misconfigurations. This type of testing helps secure the airspace around your offices and facilities.
  • Social engineering pen testing (red team tactics) puts the human firewall to the test. Using phishing, pretexting, baiting or tailgating, this approach evaluates how susceptible your employees are to manipulation and how well your cybersecurity training and protocols hold up under real pressure.
  • Physical security pen testing assesses the effectiveness of an organization’s physical barriers and procedures. Testers attempt badge cloning, lockpicking or even plugging into open network jacks. This type of testing is ideal for facilities with high security requirements.
  • Cloud pen testing examines cloud environments like AWS, Azure, or GCP for misconfigured storage, open ports, weak IAM roles, and exposed services—everything from S3 buckets to serverless functions.
  • IoT/OT network penetration testing targets Internet of Things (IoT) or Operational Technology (OT) networks used in manufacturing, energy, healthcare and other industries. This type of penetration testing often uncovers outdated firmware, legacy protocols and exploitable gaps in device-to-network communication.