Host-Based Pentesting


NetSPI performs a deep-dive review of the baseline workstation and server images used to deploy systems into the corporate environment. In addition to host-based testing, we also offer virtual desktop and virtual application testing.

Host-Based Penetration Testing Benefits

NetSPI’s host-based penetration testing reduces organizational risk and improves network security. Standard network penetration testing engagements may not provide comprehensive insight into the vulnerabilities that exist in your baseline workstation and server images, Citrix / VMware-deployed desktops, and published applications.

Host-Based Testing Variations

During host-based penetration tests, NetSPI tests system drive encryption, group policy configurations, patch levels, service configurations, user and group roles, third-party software configurations, and more. The assessment also includes a review of the systems and applications for common and known vulnerabilities. Host-based testing can be conducted against physical hardware, virtual machines, virtual desktops, and most Windows, Linux, z/OS, and macOS variations.


Our flexible, scalable solutions adapt to your organization’s size and complexity, and also accommodate specialized testing projects at a smaller scale.

Virtual Desktop Citrix / VMware

Identify vulnerabilities that provide unauthorized access to the underlying operating system through desktops published via virtualization platforms. NetSPI reviews the system configurations that could be used to escalate privileges, pivot into internal environments, or exfiltrate sensitive data.

Virtual Application Breakout Testing

During virtual application penetration testing, NetSPI identifies the risks specific to applications published through virtualization platforms, combined with traditional application testing, to help ensure that your company stays secure while adapting to evolving business needs.

Tips for Managing Host-Based Security

1 ) Workstation Image Security

Most organizations deploy laptops using a standard set of system images and configurations. Ensure all workstation images are configured from a secure baseline, and that those configuration baselines are actively managed and updated. Track and apply critical OS and application patches, and audit applications and management scripts for vulnerabilities to common attacks. Securely implement and manage hard drive encryption. Finally, complete a security audit or penetration test for each of your workstation images, keeping in mind that most organizations have more than one in use, such as Windows 7, Windows 10, or macOS.

2 ) Virtual Desktop Infrastructure (VDI)

Not all employees have physical laptops these days. Many employees and vendors access applications and desktops through solutions like Citrix. Ensure VDI portals and VPNs are configured with multi-factor authentication (MFA), and audit how easily users can exfiltrate data through shared drives, the clipboard, printers, email, websites, or other common egress points. Limit users’ ability to pivot to critical internal resources such as database servers, application servers, and domain controllers. Lock down deployed applications to prevent unauthorized access to the underlying operating system.

3 ) Windows and Linux Server Security

While workstations and VDI portals are directly exposed to the public, once an attacker pivots into the environment it is often trivial to identify Windows and Linux servers to target. Make sure those standard deployment images and configurations have also been reviewed and hardened to reduce the attack surface. Vulnerability scanning by itself is not enough to identify the vulnerabilities that could be exploited by an authenticated attacker.

4 ) Employee Training

Make sure to train your employees on how to securely access and manage your company’s IT assets. Also make sure the training covers easy ways to identify and avoid potential scams. Understanding how things like phishing attacks can affect you personally can be a powerful way to help people protect themselves and your company.
