AlgoSecure Audit LAN is an internal network penetration testing service that evaluates the security of an organization's information system resources accessible from the corporate network. It focuses exclusively on IT security, excluding physical security or personnel awareness assessments. Two audit methodologies are offered: - Black box (no user credentials): simulates a threat actor with only physical network access. - Grey box (standard user account): simulates a threat actor with a standard employee-level account. The audit process follows the PTES (Penetration Testing Execution Standard) and covers four phases: 1. Reconnaissance & enumeration: discovery of exposed services and machines across network segments using tools such as nmap. 2. Exploitation: leveraging identified weaknesses to escalate privileges and access sensitive data. 3. Debrief: verbal summary of key findings including impact, attacker skill level required, and attack complexity. 4. Report & restitution: delivery of a written report followed by a formal presentation covering both managerial and technical perspectives. Key areas tested include: - Network share security (SMBv1 usage, anonymous access, access rights) - Windows authentication sequence attacks (LLMNR/NetBIOS, NTLM relay, WDigest, SMB signing, IPv6 misconfigurations) - Microsoft Exchange server security (patching, privileges, legacy protocol exposure such as MS-RPRN) - Active Directory and Windows network administration (privilege escalation paths, BlueKeep, EternalBlue, PrivExchange, Kerberoasting, MIC-Remove)