We are conducting internal pen testing and it’s done by a third party.
I ran the Nessus scanner and fixed most of the critical vulnerabilities. I don’t want to get hacked even though it’s fine. Is there anything I can do so that when they try to run their tools they aren’t able to do much?
They will be pen-testing against AD, VMware, aps, file shares, network switches. I have tightened up the firewall config and followed all the best practices.
What does typical pen-testing look like?