Internal Infrastructure Pen Test

May 2024 Promotion

For any internal infrastructure penetration test booked before the end of May 2024, URM will provide a free domain passwords audit. The audit will allow your organisation to assess the strength of the passwords set by your domain users.  The activity aims to identify the use of weak passwords across your domain, for both administrative and non-administrative users. The activity consists of cracking the passwords of all your domain users, using wordlists and rules in order to provide analysis of cracked passwords (e.g., % of total passwords cracked, top 10 most used passwords, passwords using common base words like ‘password’, ‘welcome’, ‘letmein’, low priv and admin users sharing the same password, dates in passwords like ‘Tuesday123’, ‘Summer2023’, number of admin accounts with weak passwords, etc.).

Register your interest in the form below

Why URM?

As a CREST-accredited organisation, URM is able to provide reassurances that all the policies, processes and procedures which underpin its cyber security penetration testing have been independently assessed and deemed to be fit for purpose.  Furthermore, accreditation to the CREST OVS programme reflects URM’s commitment to employing highly skilled individuals who are able to deliver Level 1 and Level 2 ASVS and MASVS assessments for web and mobile applications.  With its CREST penetration testing URM is able to support you through the whole penetration testing process, providing support during all the phases of the project.

Terms and conditions of offer

  • Your organisation must have an on-premise Active Directory and provide Domain Admin equivalent privileges to URM in order to extract the password hashes from the domain controller.
  • This type of password audit cannot be provided when using purely cloud-based domains.
  • The offer is limited to organisations with up to 1000 users within their domain(s). The number of domains is not critical, as long as the total number of passwords to crack is less than 1000.  If there are more than 1000 passwords to crack, URM can provide a quotation.


Please note, we can only process business email addresses.

This was a great exercise for the business to go through as some gaps were found and URM provided valuable information on remediation.