PEN Consultants Logo
Don’t Be a Victim: Find your weaknesses before the criminals do. PEN Consultants can help!

Network Security Testing

Network Security Testing (AKA Network Penetration Testing) involves both automated and manual evaluation and testing of your network to ensure it provides protection against abuse of your data. We use a combination of automated industry-standard scanning tools to look for well-known vulnerabilities as well as conduct extensive manual testing to find vulnerabilities and attack vectors not otherwise detectable by automated tools.

Full-Service Network Security Testing

This is more than a simple vulnerability assessment. We actively attempt to circumvent security controls by carrying out exploits that take advantage of discovered vulnerabilities, revealing what an adversary would be able to do. During testing, we look for any method that can violate the CIA Triad security model (confidentiality, integrity, availability).

  • Confidentiality is limiting information to only the authorized person(s) who should have access to it.
  • Integrity is ensuring data/communication at rest or in transit can only originate from, be sent to, or be modified by an authorized person(s).
  • Availability is the ability for an authorized person(s) to access the resources when needed.

The purpose of testing is to enumerate your exposure (within the given time constraints), identify and verify as many vulnerabilities as possible, ensure your security configurations are strong, and then provide actionable solutions to help you protect your organization from attack/compromise. Types of common vulnerabilities found during this testing include those that allow an attacker to gain remote access into your environment, escalate privileges, gain access to your most sensitive data, and exfiltrate it from your network. In most cases, we will leverage the discovered vulnerabilities to (1) verify it is exploitable and (2) determine your exposure, should it be breached.

See additional examples
DNS, Password complexity and lockout policy, WAF, Passive Collection, OSINT, Social Media, [Sub]domains, Cloud resources, Certificate transparency searches, Password dumps, Source code repos, Email addresses, Leakage areas, Open Directory Browsing, Tracked changes, history, versions, hidden folders/files, Username Predictability, SMTP, Service Enumeration, Fingerprinting, Vulnerability Analysis, Threat Modeling, Blocks, Geolocation, DNS, Domain jacking, Vulnerability scanning, SSL/TLS, Fuzzing, fingerprint, HTTP/HTTPS Services, SMTP, SSH, Insecure Protocols/Unencrypted, Remote access, SQLi, Restricted console / kiosk escape, Shared web hosting, File uploads, Other web related vulns, Public Exploits, Custom Exploits, Business impact attacks, protection mechanisms, Custom Exploitation, Gaining Access, Penetration, Defense Evasion, Countermeasure Bypass, Detection Bypass, QUIC, Sandbox Testing, AMSI evasion, Brute Force & password spraying, RDP / mstsc, Crypto, Auth, Disabled NLA / CredSSP, MiTM, IPMI, Dump hashes, RMI / Java Deserialization, Redis, Custom malware and RATs, Backdoored binaries, RF Access, Attacking the User, Social engineering, Attacking the Endpoint, NTLM_theft, DHCP and DNS poisoning, NTLM relaying, SSDP / UPnP, Kerberoast, AS-REP Roast, Silver ticket, golden ticket, pass the ticket, group policy restrictions, Remote Access Channels, VPN / Virtual Private Networking, Citrix VDI / xendesktop, Session control, Reverse Shell, Persistence, Autoruns, Key loggers, Screens scrappers, Active Directory / LDAP, GPO / Group Policy, smb/samba/network shares, Loggers/SEIMs, SNMP, VoIP / SIP, iSCSI, Video Cameras, Services on the endpoint, User permissions, Backups, Stored passwords, FTP, portals, Email, Database Enumeration, custom apps, History/Logs, Audio Capture, Wifi, Source Code Repos, VPN, Token Stealing and Reuse, Password Reuse, Exploit file permissions, Data Exfiltration, Outbound internet/content filtering, DNS and ICMP tunnels, Outbound/egress ports, DLP, VoIP channels, Fax, and more.

The testing is largely centered around the PTESNIST SP 800-115, and OSSTMM testing guides, but also includes our internal/proprietary methodologies.  This is “noisy” and may generate alerts in the monitoring solutions you have deployed.

View our Sample Findings and Recommendations Report to see the level of detail PEN Consultants provides in our report.

Schedule a Consultation

Sample Pricing


  • Minimum: Less than 5 active IPs – $9,000 - $12,000
  • Micro: 10 active IPs – $11,000 - $15,000
  • Small: 20 active IPs – $12,000 - $18,000
  • Medium: 40 active IPs – $13,000 - $21,000
  • Large: 75 active IPs – $14,000 - $25,000
  • xLarge: More than 75 active IPs – Varies


  • Minimum: Less than 50 active IPs (<5 servers) – $12,000 - $15,000
  • Micro: 250 active IPs (25 servers) – $14,250 - $18,750
  • Small: 750 active IPs (65 servers) – $15,500 - $22,500
  • Medium: 2,000 active IPs (150 servers) – $18,000 - $30,000
  • Large: 7,500 active IPs (375 servers) – $25,000 - $50,000
  • xLarge: More than 7,500 active IPs (>375 servers) – Varies

Add-On Services

In order to keep our testing prices low, we’ve removed certain services that not every client requests. Under our Cybersecurity Unlimited Retainer (included with all of our contracts) you can add on the following services as needed. Please reference the Cybersecurity Unlimited Retainer page for pricing details.

Post-Testing Briefings
Executive Level and/or Technical Level
Micro: ~1.5 hours, Small: ~2 hours, Medium: ~2.5 hours, Large: ~3 hours, xLarge: 3+ hours
Remediation Testing
Micro: ~2.5 hours, Small: ~3 hours, Medium: ~3.5 hours, Large: ~4 hours, xLarge: 4+ hours
Assist Technical Support Staff with Mitigations
Hours vary depending on your needs
Assist SOC Staff in Building Detections
Hours vary depending on your needs
On-Site Supplemental Testing and/or Visits
See Cybersecurity Unlimited Retainer page for pricing details
DISCLAIMER: Sample pricing listed is not actual pricing. These dollar amounts are estimates based on the number of hours required for engagements of similar size and assumes white box testing and at least a 60-day lead time. They are provided to give you a ballpark idea of the cost for the service. The total cost will be based on the estimated number of hours needed to perform the requested service and our hourly rate. Black box testing, specific complexities, and other non-standard situations will increase costs. Additionally, sample pricing does not include travel or other non-standard expenses (specialized equipment, materials, etc.). Final pricing is determined during the no-obligation scoping phase (before testing starts).