Cloud Testing
Gain a deep understanding of the flaws in your Azure and AWS environments
TrustedSec ensures that cloud services are tested using real-world tactics, techniques, and procedures (TTPs).
The configuration of an organization’s Microsoft Azure or Amazon Web Services instance and the application code or assets residing in the environment can contain security issues that are not present in traditional on-premise environments. Penetration testing evaluates the effectiveness of cloud security programs and identifies deficiencies that could put your information assets at risk.
TrustedSec builds on a traditional, uncredentialed Penetration Test with the Assumed Access Model for cloud environments. The Assumed Access Model gives TrustedSec additional views into an environment, revealing what an attacker would have access to if they were to compromise user credentials, an application, or the underlying application stack. Our approach to cloud assessments can help you identify real-world attack paths particular to your organization's cloud environment.
With TrustedSec you can:
- Gain objective insight into vulnerabilities that may exist within Azure or AWS
- Test the environment using the latest attack intelligence and techniques.
- Identify systemic weaknesses in the cloud controls
- Improve resiliency to attack
- Evaluate the effectiveness of your IT security defenses
- Create a more secure cloud computing environment for all stakeholders
“It's an incredible, collaborative environment where I can rely on anyone for support, and that's truly priceless.”Martin BosCSO, VP of Consulting Services
Martin Bos
CSO, VP of Consulting ServicesMartin works extensively with clients to help understand where and why their defenses failed and, more importantly, how to remediate the issues. For this reason, Martin is passionate about testing the security posture of organizations with all of the defenses and security controls in place. While working in the security field, Martin has conducted penetration testing against a large number of Fortune 500 companies in varying business verticals such as financial institutions, retail chains, casinos, manufacturing, and education.
Top 5 Things That Will Land an Attacker in the Azure Cloud
- Misconfigured Cloud Infrastructure What type of misconfigurations can exist in a cloud infrastructure? Vulnerable front-facing webservers, unpatched…
Kicking it Old-School with Time-Based Enumeration in Azure
IntroductionYet another user-enumeration method has been identified in Azure. While Microsoft may have disabled Basic Authentication some time ago, we can…
Unwelcome Guest: Abusing Azure Guest Access to Dump Users, Groups, and more
Abusing Guest Access: Dumping User Lists and Group Membership with Guest Access in Azure ADThis post will walk through a user, group, and application…
Weaponization of Token Theft – A Red Team Perspective
This blog is the start of several deep dives into the weaponization of token theft. The focus of this blog will be on conditional access around devices and…
Control Tower Pivoting Using the Default Role
Introduction The cloud security landscape for AWS has continued to evolve each year to become a complex set of products and best practices with the goal of…
Hacking Your Cloud: Tokens Edition 2.0
Office and Microsoft 365 tokens can add some interesting dynamics to Azure and Microsoft 365 services penetration testing. There are a few different ways of…
Azure AD Kerberos Tickets: Pivoting to the Cloud
If you've ever been doing an Internal Penetration test where you've reached Domain Admin status and you have a cloud presence, your entire Azure cloud can…
A Primer on Cloud Logging for Incident Response
Overview This blog post will provide an overview of common log sources in Azure and AWS, along with associated storage and analysis options. At a high level,…
Common Conditional Access Misconfigurations and Bypasses in Azure
Conditional Access is widely used in Azure to prevent unauthorized access. When it works, it can shut down attacks, even if the user's password is known.…
Learn more about our services from an expert.
Let our experts tailor solutions to your security challenges.
