In a penetration test, ethical hackers imitate what real attackers would do. The term is often shortened to “pentest,” and the hackers who perform it are called “pentesters.”
During a pentest, these pros search for vulnerabilities in the systems of a specific company and attempt to bypass security as part of an attack.
When they are working from an external network (such as the Internet), this is an external pentest. By comparison, in an internal pentest, attacks originate from inside the company (by testing with typical employee privileges or with the physical access available to a random visitor, for example).
In recent years, we have seen a trend towards comprehensive projects in which companies want both external and internal pentesting. Sometimes an internal pentest may be a logical continuation of an external one. This approach makes it possible to assess not just the probability of an attacker penetrating the local network, but also the consequences of the attack being developed further on company infrastructure.