The aim of this paper was to conduct a white box penetration test to demonstrate the risks to the company network from a malicious insider, i.e. someone who has plugged a machine into the network.