"Moving to E5 has been really good from a security point of view... Now we can get a holistic view of whatโs going on, which helps us to make changes and recommendations for future plans."
We explore the recent Notepad++ compromise and delve into why internal penetration testing plays a critical role in preventing and limiting widespread internal breaches.
"Even organisations with robust perimeter defences and sound update policies can find themselves exposed to full compromise, if internal threat paths are not routinely tested."
What happened and why it matters
Notepad++ recently disclosed a compromise of its shared hosting infrastructure that affected its update endpoint between June and December 2025. Threat actors altered update endpoints within configuration files to deliver a malicious version of the software to specific targets. This resulted in downstream users – potentially including businesses – downloading what appeared to be a legitimate update, but which gave attackers a foothold on compromised devices and therefore internal networks.
This incident exemplifies a worrying class of attacks where trusted software is abused to deliver malicious code. Even organisations with robust perimeter defences and sound update policies can find themselves exposed to full compromise, if internal threat paths are not routinely tested.
In my opinion, the critical lesson for organisations is clear: internal penetration testing is no longer optional – it is integral to reducing the blast radius of an initial compromise. Organisations must understand it's not a case of if a threat actor gets past initial external defences, it's a case of when.
The Notepad++ Incident – A Supply Chain Vector with Internal Consequences
In their public incident report, Notepad++ explained that a shared hosting server was compromised, and threat actors manipulated the software update pipeline to introduce malware into update packages. This effectively turned a trusted software delivery mechanism into an attack vector.
Such supply chain attacks are not new, but they continue to evolve. They combine external infiltration with internal impact, meaning the harm is not limited to the compromised vendor – it extends to every organisation that unwittingly consumes the malicious artefact.
Caption: "Concept of a software supply chain attack, where malicious code in trusted components can infect multiple organisations."
Traditional security measures, such as patching, firewalls and endpoint protection, focus on keeping threats out. The Notepad++ breach shows that even with strong external defences and well-managed update practices, adversaries can still gain an initial foothold.
Once inside, the question becomes:
How quickly and easily can a threat actor escalate that foothold to compromise critical internal systems like Active Directory?
Internal penetration testing (internal pentesting) answers this question by simulating paths a real attacker might take after gaining access to an internal endpoint. In enterprise and SME environments alike, this is where the game changes.
What Internal Penetration Testing Reveals
Internal pentesting engagements focus on reducing the risk that a single compromised host results in a full-blown internal breach. Key outcomes include:
Validating real-world attack paths and threats, categorised against business risk
Highlighting and mitigating lateral movement opportunities and paths
Exposing excessive trust relationships between systems
Uncovering vulnerabilities within internal assets and services
Identifying weaknesses in internal identity systems
Finding gaps in authentication servers and services
Highlighting privilege escalation opportunities and paths
These exercises go beyond scanning for missing patches or misconfigurations. They assess the way systems and identities actually interact, mirroring techniques used by sophisticated threat actors.
Caption: "After the initial access has been gained, threat actors can move laterally across internal systems to escalate privileges and reach critical assets."
From Theory to Practice – What This Means for UK SMEs
Organisations often think in terms of blocking external threats. That remains critical, but it is not sufficient: once an attacker is inside (whether via a supply chain issue, phishing, or an exploited service) the real danger is how easily they can traverse your internal estate. Internal penetration testing provides:
Clarity over real internal risk rather than perceived or theoretical risk
Actionable findings that link technical vulnerabilities to business impact
A clearer roadmap for prioritising identity and access controls
Insight into where trust relationships lead to unnecessary exposure
By testing post-compromise scenarios, SMEs gain confidence that a single misstep does not turn into a wide-scale internal breach.
What This Means for Your Security Posture
Threat actors increasingly combine the abuse of user trust (such as software updates) for initial access into organisational networks with targeted exploitation of those networks to meet their goals. This means:
External defences alone are not enough
Detection tools must be supported with empirical testing
Internal security assumptions should be validated, not assumed
Internal pentesting complements your existing security measures by exposing real attack paths and providing a clear view of where controls succeed and where they fall short.
Helping You Test What Matters Most
At Stripe OLT, we see that internal penetration testing fundamentally changes how organisations understand and prioritise their internal risk. We don't just find vulnerabilities – we contextualise them in terms of business impact and real attack scenarios.
Our internal pentesting services help you understand:
What happens after an initial foothold
How easily an attacker could pivot to critical systems
Where identity and access systems create risk
How to build controls that are practical, effective, and aligned to your operations
This deeper understanding directly informs better risk management and resilience planning.
The Notepad++ incident serves as a timely reminder that threat actors can and will find ways to exploit trusted systems. Strong external controls and update policies remain important, but organisations need to ensure that a single compromised endpoint doesn't cascade into a full internal breach.
Internal penetration testing gives you visibility into the paths that matter most and equips your teams to prioritise and mitigate accordingly.
Want clearer insight into how your internal network behaves under attack scenarios? Talk to us about internal penetration testing and turn unknown pathways into known outcomes.