Penetration testing on the cloud is unique, bringing its own set of security factors. While some vulnerabilities are mitigated by the cloud provider’s security measures, the complexity of these services leaves many companies exposed. Redlings’ cloud penetration testing services are aimed at specifically these needs, identifying the configuration and implementation flaws which often go unchecked.

The Differences – traditional infrastructure vs cloud penetration testing

Cloud penetration testing is different than traditional penetration testing, just like cloud architecture/infrastructure is different than traditional on-premises architecture/infrastructure. Cloud providers like Amazon AWS, Google Cloud Platform (GCP), and Microsoft Azure offer many features/services, but generally follow the a shared-responsibility model, where the cloud provider is in charge of the security of the cloud, such as security relating to hardware and backend infrastructure, and you are in charge of the security in the cloud, such as configurations of your servers, privileges granted within your environment, and much more.

How Hackers usually get access to the cloud

This describes some of the common methods that malicious actors will use to gain access to your cloud environment, although it’s aimed towards the compromise of Amazon Web Services (AWS) credentials, the ideas apply to nearly all cloud providers at a larger scale. Some of these methods include:
  • A 3rd party is doing malicious things that you are unaware of
  • A 3rd party you trust is compromised.
  • Misconfigured repositories leaking sensitive data
  • Mistakes in commits, publishing sensitive data
  • Credentials stored locally stolen through local file inclusion (LFI) or remote code execution (RCE)
  • Credentials stolen through a servers metadata through server-side request forgery (SSRF) or RCE
  • An old 3rd party database is compromised, your users are still using a compromised password
  • Users using the same password across many accounts
  • Phishing emails or pretext calls
  • Physical vectors
  • Employees getting compromised, then bringing that to your environment
  • Employee mistakes leading to unintended consequences

Amazon Web Services (AWS) Penetration Testing

The AWS architecture is comprised of a set of powerful APIs. Deeply integrated into the AWS ecosystem, our security engineers test for a range of AWS-specific misconfigurations, including the following:

IAM

  • Analyze permissions for privilege escalation paths (through services like Lambda, EC2, etc.)
  • Checking for misconfigured roles, attempting to access them
  • Establish persistence through backdoor users/roles

EC2/VPC

  • Enumerating Instances, Security Groups and AMIs to stage EC2 attacks
  • Abusing Simple Systems Manager for remote access to instances
  • Analyzing EC2 User Data for secrets or system credentials
  • Identifying routes between VPCs for lateral movement and escalation

S3

  • Check for misconfigured buckets (unauthenticated)
  • Once authenticated, check access to S3 buckets for sensitive files and data
  • Leverage existing S3 buckets to exfil data or stage further attacks

Lambda

  • Analyze code and configuration for sensitive information disclosure
  • Privilege Escalation through Lambda IAM Roles and SDK’s
  • Data exfiltration through modification of data-processing functions
  • Create new Lambda functions for alerting attackers to blue team activities(such as removal of previous AWS backdoors)

RDS

  • Modifying/evading Security Group rules to access RDS databases
  • Bypassing RDS authentication through copy of backups and RDS password change
  • Exfiltration of RDS data through cross-account C2 channel

CloudTrail / GuardDuty

  • Various methods of trying to evade detection, cover tracks, and generally stay under the radar
  • Downloading logs to get a better idea of common activity in the environment

Microsoft Azure Penetration Testing

Penetration testing on the Azure cloud is unique, bringing its own set of security considerations. While some vulnerabilities are mitigated through Azure’s security measures, the complexity of these services leaves many companies exposed. One of Azures’ strongest features is the immense flexibility that is provided to the users in setting up the environment. While the flexibility is great to have, it’s also a significant security concern. Redlings’ penetration testing services are aimed specifically at these needs, identifying the configuration and implementation flaws which often go unchecked. The following are a few examples of such cloud services that may be tested:
  • Microsoft Azure
  • Office 365 / SharePoint Online / Teams
  • Microsoft Account
  • SharePoint Online
  • Visual Studio Team Services
  • Microsoft Dynamics 365

Google Cloud Platform (GCP) Penetration Testing

In our assessments, we go beyond automated scanning to provide an in-depth assessment of your environment. We check for a variety of different vulnerabilities and misconfigurations, some including:
  • Privilege escalation checks for all IAM members (users/service accounts) that access your environment
  • Checking for lack of least-privilege, demonstrating what an attacker would do with that extra access
  • Kubernetes Engine configuration analysis and exploitation
  • Testing security controls (can you detect us exfiltrating data from your virtual machines, Google Storage, databases, or anywhere else? Can we evade your technical controls? Can you stop us from acting maliciously or detect us when we do?)
  • Best practices: Stackdriver logging/monitoring, encryption, built-in security tools such as Cloud Security Scanner
  • Checking your external perimeter from within the inside: what is exposed publicly that shouldn’t be?
  • Cross-user/project/organization privilege escalation/abuse
  • Backdoor/persistence methods in the account (surviving “getting caught”)
  • Code review of Cloud Functions, exploitation through Cloud Function triggers, configuration, and setup
  • Pivoting between clouds/on-premise environments (abusing cross-cloud/environment trusts through services/features like Interconnect, shared VPCs, and VPC peering)

Have we sparked your interest?

Just give us a call or write us a message!

Erfolgreich! We have received your request. Thank you very much.
Fehler! An error occurred while sending. Please use another way to contact us!

We use cookies to improve user experience and analyze website traffic. Read about how we use cookies and how you can control them by clicking "Privacy Preferences".

Privacy Preferences I Agree

Privacy Preferences

When you visit any website, it may store or retrieve information through your browser, usually in the form of cookies. Since we respect your right to privacy, you can choose not to permit data collection from certain types of services. However, not allowing these services may impact your experience.