Cloud Testing
Gain a deep understanding of the flaws in your Azure and AWS environments
TrustedSec ensures that cloud services are tested using real-world tactics, techniques, and procedures (TTPs).
The configuration of an organization’s Microsoft Azure or Amazon Web Services instance and the application code or assets residing in the environment can contain security issues that are not present in traditional on-premise environments. Penetration testing evaluates the effectiveness of cloud security programs and identifies deficiencies that could put your information assets at risk.
TrustedSec builds on a traditional, uncredentialed Penetration Test with the Assumed Access Model for cloud environments. The Assumed Access Model gives TrustedSec additional views into an environment, revealing what an attacker would have access to if they were to compromise user credentials, an application, or the underlying application stack. Our approach to cloud assessments can help you identify real-world attack paths particular to your organization's cloud environment.
With TrustedSec you can:
- Gain objective insight into vulnerabilities that may exist within Azure or AWS
- Test the environment using the latest attack intelligence and techniques.
- Identify systemic weaknesses in the cloud controls
- Improve resiliency to attack
- Evaluate the effectiveness of your IT security defenses
- Create a more secure cloud computing environment for all stakeholders
“It's an incredible, collaborative environment where I can rely on anyone for support, and that's truly priceless.”Martin BosCSO, VP of Consulting Services
Martin Bos
CSO, VP of Consulting ServicesMartin works extensively with clients to help understand where and why their defenses failed and, more importantly, how to remediate the issues. For this reason, Martin is passionate about testing the security posture of organizations with all of the defenses and security controls in place. While working in the security field, Martin has conducted penetration testing against a large number of Fortune 500 companies in varying business verticals such as financial institutions, retail chains, casinos, manufacturing, and education.
Top 5 Things That Will Land an Attacker in the Azure Cloud
Unprotected cloud environments can pose significant threats to your company reputation, data, and applications, requiring robust security measures and regular…
Kicking it Old-School with Time-Based Enumeration in Azure
IntroductionYet another user-enumeration method has been identified in Azure. While Microsoft may have disabled Basic Authentication some time ago, we can…
Unwelcome Guest: Abusing Azure Guest Access to Dump Users, Groups, and more
Enumerate Azure AD users and groups with guest access, exploiting default settings to reveal hidden user lists and group membership.
Weaponization of Token Theft – A Red Team Perspective
This blog is the start of several deep dives into the weaponization of token theft. The focus of this blog will be on conditional access around devices and…
Control Tower Pivoting Using the Default Role
Using AWS Control Tower to Prevent Pivoting Attacks on AWS Organizations and Control Tower.
Hacking Your Cloud: Tokens Edition 2.0
Access compromised Azure credentials to bypass MFA, gain OWA access, and conduct cloud penetration testing using stolen refresh tokens and Burp Suite Pro.
Azure AD Kerberos Tickets: Pivoting to the Cloud
Compromising an Azure cloud presence via machine account SSO is possible, allowing attackers to impersonate any account without MFA, using compromised service…
A Primer on Cloud Logging for Incident Response
Review Azure, AWS logs to investigate identity-based cloud incidents, including resource and network logs, and enable traditional forensic analysis if needed.
Common Conditional Access Misconfigurations and Bypasses in Azure
Conditional Access configurations in Azure prevent unauthorized access, but common misconfigurations and bypasses can occur, leading to security risks,…
Learn more about our services from an expert.
Let our experts tailor solutions to your security challenges.
