Skip to Main Content

Cloud Testing

Gain a deep understanding of the flaws in your Azure and AWS environments

TrustedSec ensures that cloud services are tested using real-world tactics, techniques, and procedures (TTPs).

The configuration of an organization’s Microsoft Azure or Amazon Web Services instance and the application code or assets residing in the environment can contain security issues that are not present in traditional on-premise environments. Penetration testing evaluates the effectiveness of cloud security programs and identifies deficiencies that could put your information assets at risk.

TrustedSec builds on a traditional, uncredentialed Penetration Test with the Assumed Access Model for cloud environments. The Assumed Access Model gives TrustedSec additional views into an environment, revealing what an attacker would have access to if they were to compromise user credentials, an application, or the underlying application stack. Our approach to cloud assessments can help you identify real-world attack paths particular to your organization's cloud environment.

With TrustedSec you can:

  • Gain objective insight into vulnerabilities that may exist within Azure or AWS
  • Test the environment using the latest attack intelligence and techniques.
  • Identify systemic weaknesses in the cloud controls
  • Improve resiliency to attack
  • Evaluate the effectiveness of your IT security defenses
  • Create a more secure cloud computing environment for all stakeholders
“It's an incredible, collaborative environment where I can rely on anyone for support, and that's truly priceless.”
Martin BosCSO, VP of Consulting Services
Blog February 21 2023

Top 5 Things That Will Land an Attacker in the Azure Cloud

  1. Misconfigured Cloud Infrastructure What type of misconfigurations can exist in a cloud infrastructure? Vulnerable front-facing webservers, unpatched…

Read about this article
Blog October 03 2024

Kicking it Old-School with Time-Based Enumeration in Azure

IntroductionYet another user-enumeration method has been identified in Azure. While Microsoft may have disabled Basic Authentication some time ago, we can…

Read about this article
Blog March 07 2024

Unwelcome Guest: Abusing Azure Guest Access to Dump Users, Groups, and more

Abusing Guest Access: Dumping User Lists and Group Membership with Guest Access in Azure ADThis post will walk through a user, group, and application…

Read about this article
Blog February 27 2024

Weaponization of Token Theft – A Red Team Perspective

This blog is the start of several deep dives into the weaponization of token theft. The focus of this blog will be on conditional access around devices and…

Read about this article
Blog June 15 2023

Control Tower Pivoting Using the Default Role

Introduction The cloud security landscape for AWS has continued to evolve each year to become a complex set of products and best practices with the goal of…

Read about this article
Blog April 13 2023

Hacking Your Cloud: Tokens Edition 2.0

Office and Microsoft 365 tokens can add some interesting dynamics to Azure and Microsoft 365 services penetration testing. There are a few different ways of…

Read about this article
Blog February 09 2023

Azure AD Kerberos Tickets: Pivoting to the Cloud

If you've ever been doing an Internal Penetration test where you've reached Domain Admin status and you have a cloud presence, your entire Azure cloud can…

Read about this article
Blog October 25 2022

A Primer on Cloud Logging for Incident Response

Overview This blog post will provide an overview of common log sources in Azure and AWS, along with associated storage and analysis options. At a high level,…

Read about this article
Blog October 04 2022

Common Conditional Access Misconfigurations and Bypasses in Azure

Conditional Access is widely used in Azure to prevent unauthorized access. When it works, it can shut down attacks, even if the user's password is known.…

Read about this article

Learn more about our services from an expert.

Let our experts tailor solutions to your security challenges.