Cloud Security Assessment

Review and assess applications deployed in your cloud for security and design flaws.

A boutique cybersecurity consulting company founded in 2011, Payatu takes pride in being the only company in India to possess a state-of-the-art fuzz testing and IoT testing lab. The company shares a passion to provide solutions to future cybersecurity problems through cutting-edge security assessment services, conferences, and training.

Is your cloud really secure?

  • With emerging cloud computing services, cloud security has become a burning issue amongst information security professionals.
  • As cloud services have evolved, attackers have increased the complexity and changed the nature of their attacks on different cloud services. Cloud data leaks have become more and more frequent.
  • Robust cloud security is crucial for businesses and organizations that have recently shifted to the cloud from conventional data storage methods.
  • Payatu boosts the security of your cloud infrastructure by identifying threats caused by misconfigurations, unwarranted access, and non-standard deployments.

Service Offering

  • Client Geography

    • USA, Europe
    • Southeast Asia
  • Team

    • Domain Experts
    • Regularly present research at International Summits
  • In-house Fuzz testing Infrastructure

  • Authored various open source tools

    • IoT exploitation framework
    • Dex Fuzzer
    • In-memory code injection framework for ARM/X86 Linux
    • Vulnerable Windows driver
    • Vulnerable Android App
    • Tiredful API

Our Approach

Initial Reconnaissance

  • Perform OSINT operations on the target organization. Enumerate subdomains and identify the attack surface.
  • Analyze CloudFormation data to identify stack information and hosts.
  • Enumerate AWS IP address range and identify target hosts based on IP information.
  • Use Google Dorks to gather information about AWS assets and leaked credentials.
  • Identify hosted zones from Route53. Gather CNAME and other DNS records, along with MX records.
  • Gather domain and subdomain information from the Route53 registry.
  • Discover and steal keys left exposed on the public network.
  • Discover API endpoints such as AWS Lambda and serverless endpoints.
  • Use Shodan and Censys to identify services left exposed to the public network.
  • Scan the IP Addresses in range for open TCP & UDP ports, grab the banner and figure out the services running.

Pentesting EC2 Instances

  • Perform automated Vulnerability Scans using Nessus and NeXpose on target hosts to identify vulnerabilities.
  • Brute force the common services using the common passwords as well as with other credentials harvested during the assessment.
  • Try to exploit the services running either using existing exploits or find new exploits.
  • Identify vulnerabilities in web applications hosted on EC2 machines.

S3 Bucket Kicking

  • Perform OSINT and reconnaissance activities to identify S3 buckets of the target organization
  • Use Google Dorks along with automated tools like DigiNinja Bucket Finder to identify existing S3 buckets.
  • Use BuckHacker to identify publicly discoverable buckets.
  • Examine the security configuration of identified S3 buckets using S3Scanner and other tools.
  • Identify potentially vulnerable buckets with public read/write permissions.
  • Exfiltrate sensitive data from publicly readable buckets and leverage the same to further compromise the infrastructure.
  • Exploit publicly writeable S3 buckets for more advanced attacks on users and the cloud infrastructure.
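
From the defender's side, the public read/write exposure this phase looks for can be checked in a bucket's own ACL and bucket policy before an assessor finds it. The sketch below is an added example, not Payatu's tooling or part of the original page; the function names are hypothetical, the sample ACL and policy are constructed, and account-level Block Public Access settings are not taken into account.

```python
import json

# Predefined S3 grantee groups; a grant to either one is a public grant.
_GROUP = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {_GROUP + "AllUsers", _GROUP + "AuthenticatedUsers"}
# ACL permissions mapped to access kinds (the *_ACP ones cover the ACL itself).
ACL_ACCESS = {"READ": {"read"}, "READ_ACP": {"read"}, "WRITE": {"write"},
              "WRITE_ACP": {"write"}, "FULL_CONTROL": {"read", "write"}}

def acl_exposure(grants):
    """Access kinds ('read'/'write') that ACL grants give to public groups."""
    exposed = set()
    for grant in grants:
        if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
            exposed |= ACL_ACCESS.get(grant.get("Permission"), set())
    return exposed

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _public_principal(principal):
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in _as_list(principal)

def policy_exposure(policy_json):
    """Access kinds that unconditioned Allow statements give to Principal '*'."""
    exposed = set()
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if (stmt.get("Effect") != "Allow" or stmt.get("Condition")
                or not _public_principal(stmt.get("Principal"))):
            continue  # conditioned statements are left for manual review
        for action in _as_list(stmt.get("Action", [])):
            a = action.lower()
            if a in ("*", "s3:*") or a.startswith(("s3:get", "s3:list")):
                exposed.add("read")
            if a in ("*", "s3:*") or a.startswith(("s3:put", "s3:delete")):
                exposed.add("write")
    return exposed

# Constructed samples, shaped like GetBucketAcl and GetBucketPolicy responses.
SAMPLE_GRANTS = [{"Grantee": {"ID": "owner-placeholder"}, "Permission": "FULL_CONTROL"},
                 {"Grantee": {"URI": _GROUP + "AllUsers"}, "Permission": "READ"}]
SAMPLE_POLICY = json.dumps({"Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "192.0.2.0/24"}}}]})

if __name__ == "__main__":
    print(sorted(acl_exposure(SAMPLE_GRANTS) | policy_exposure(SAMPLE_POLICY)))
```

In the constructed sample the ACL exposes reads to everyone and the policy exposes writes; the second policy statement is skipped because its source-IP condition narrows who it applies to.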

Pentesting RDS Instance

  • Perform OSINT and reconnaissance activities to identify RDS instances of the target organization.
  • Use Google Dorks along with Shodan and Censys to identify RDS instances with database service port left open to the public.
  • Identify RDS snapshots on AWS that may have been left public accidentally.
  • Enumerate RDS instances to identify build and version numbers.
  • Look for publicly available exploits for the identified build and version.
  • Use automated tools to enumerate database users for publicly accessible DB service.
  • Exfiltrate sensitive data from RDS snapshots and leverage the same to gain further access into the cloud infrastructure.
  • Brute force publicly accessible DB service to breach the database and gain further access to sensitive data.

Pentesting Lambda and Serverless Endpoints

  • RASP triggers an alarm only in case of successful attacks, as it goes beyond perimeter security and finds vulnerabilities in the application at runtime.
  • Integrate RASP to hook into the application at runtime.
  • Identify the input parameters of each function and test for injection vulnerabilities.
  • Perform source code review of the Lambda function to identify possible vulnerabilities.
  • Exploit injection vulnerabilities to get code execution and/or exfiltrate data from the cloud.
  • Use discovered flaws to exfiltrate environment variables and steal AWS Keys and SSH keys to gain further access into the AWS infrastructure.

Privilege Escalation and Persistence

  • Use initial foothold to gather sensitive information like AWS Keys, SSH Keys, etc.
  • Determine the level of access achieved out of stolen keys.
  • Use automated tools like Boto3 and Pacu to enumerate IAM roles, policies, and profile permissions.
  • Bypass GuardDuty detection mechanism to maintain stealth during the enumeration phase.
  • Leverage poorly configured IAM roles and policies to escalate privileges.
  • Use escalated privileges to gain further access into the network.
  • Backdoor IAM roles and profile permissions to maintain access to the AWS infrastructure.

Security Configuration Audit

  • Use initial foothold to gather sensitive information like AWS Keys, SSH Keys, etc.
  • Determine the level of access achieved out of stolen keys.
  • Use automated tools like Boto3 and Pacu to enumerate IAM roles, policies and profile permissions.
  • Bypass GuardDuty detection mechanism to maintain stealth during enumeration phase.
  • Leverage poorly configured IAM roles and policies to escalate privileges.
  • Use escalated privilege to gain further access into the network
  • Backdoor IAM roles and profile permissions to maintain access to the AWS infrastructure.


Latest news

11-July-2020
Webinar, Online

Munawwar will give security professionals a comprehensive understanding of the ARM Architecture, reversing ARM binaries, exploiting vulnerabilities and the nuances of ARM shellcoding.

21-May-2020
Webinar, Online

Arun Magesh will be delivering a webinar on Introduction to IoT Reversing Firmware and discussing how to get started with IoT pentesting with hands-on.

25-April-2020
Workshop, Online

Ashfaq Ansari is conducting a workshop to get you started with kernel vulnerability analysis and exploitation in the Android platform.