What's the difference between the external and internal assessments?
External assessments
During an external network security assessment, we perform the exact same activities as we would internally, with the exception of open source intelligence (OSINT) gathering. During OSINT, vPenTest is attempting to gather the company's domain names, DNS records, usernames, and more.
Internal assessments
The internal network security assessment conducts the same attacks and scans as the external network, but no OSINT is performed unless it's difficult to gather potentially valuable usernames on the internal network environment, which is often not the case.