The process of performing internal assessments varies by penetration testing firm. For many, the most common approach is to run a vulnerability scan and provide the rebranded results with a hefty bill for their effort. While this approach will find the most common problems on a network, it won’t prevent a dedicated attacker from gaining control of your assets.
more here..........http://www.solutionary.com/resource-center/blog/2014/06/internal-network-enumeration-and-privilege-escalation/
more here..........http://www.solutionary.com/resource-center/blog/2014/06/internal-network-enumeration-and-privilege-escalation/