Cloud Security Assessment

Review and assess applications deployed in your cloud for security and design flaws.

With the rise of cloud computing services, cloud security has become a burning issue among information security professionals. As cloud services have evolved, so have the complexity and nature of the attacks against them, and cloud data leaks have become more and more frequent. Robust cloud security is crucial for businesses and organizations that have recently shifted to the cloud from conventional data storage methods. Payatu boosts the security of your cloud infrastructure by identifying threats caused by misconfigurations, unwarranted access, and non-standard deployments.

Our Approach

Initial Reconnaissance

  • Perform OSINT operations on the target organization. Enumerate subdomains and identify the attack surface.
  • Analyze CloudFormation data to identify stack information and hosts.
  • Enumerate AWS IP address range and identify target hosts based on IP information.
  • Use Google Dorks to gather information about AWS assets and leaked credentials.
  • Identify hosted zones from Route53. Gather CNAME and DNS records along with MX records.
  • Gather domain and subdomain information from the Route53 registry.
  • Discover and steal keys left exposed on the public network.
  • Discover API endpoints such as AWS Lambda and serverless endpoints.
  • Use Shodan and Censys to identify services left exposed to the public network.
  • Scan the IP addresses in range for open TCP and UDP ports, grab the banners, and identify the services running.

Pentesting EC2 Instances

  • Perform automated vulnerability scans using Nessus and NeXpose on target hosts to identify vulnerabilities.
  • Brute force the common services using common passwords as well as other credentials harvested during the assessment.
  • Try to exploit the running services, either using existing exploits or by finding new ones.
  • Identify vulnerabilities in web applications hosted on EC2 machines.

S3 Bucket Kicking

  • Perform OSINT and reconnaissance activities to identify S3 buckets of the target organization.
  • Use Google Dorks along with automated tools like DigiNinja Bucket Finder to identify existing S3 buckets.
  • Use BuckHacker to identify publicly discoverable buckets.
  • Examine the security configuration of identified S3 buckets using S3Scanner and other tools.
  • Identify potentially vulnerable buckets with public read/write permissions.
  • Exfiltrate sensitive data from publicly readable buckets and leverage the same to further compromise the infrastructure.
  • Exploit publicly writeable S3 buckets for more advanced attacks on users and the cloud infrastructure.
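
The configuration check in the list above (which buckets end up with public read/write permissions) can be run by the bucket owner as an audit. The following is an added example, not Payatu's code: `public_exposure` is a hypothetical helper, its inputs follow the shapes returned by boto3's `get_bucket_acl`, `get_bucket_policy` and `get_public_access_block`, and the sample data is constructed.

```python
import json
from fnmatch import fnmatchcase

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
ANY_AWS_ACCOUNT = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
ACL_EFFECT = {"READ": {"read"}, "WRITE": {"write"}, "WRITE_ACP": {"write"},
              "FULL_CONTROL": {"read", "write"}}
POLICY_ACTIONS = {"read": ("s3:GetObject", "s3:ListBucket"),
                  "write": ("s3:PutObject", "s3:DeleteObject", "s3:PutBucketPolicy")}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wildcard_principal(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def _matches(pattern, actions):
    # IAM action names are case-insensitive and may contain * wildcards.
    return any(fnmatchcase(a.lower(), pattern.lower()) for a in actions)

def public_exposure(grants, policy_json=None, bpa=None):
    """Return the subset of {'read', 'write'} granted to everyone outside the account."""
    bpa = bpa or {}  # PublicAccessBlockConfiguration; empty means nothing is blocked
    exposure = set()
    if not bpa.get("IgnorePublicAcls"):  # when set, S3 ignores public ACL grants
        for grant in grants:
            if grant["Grantee"].get("URI") in (ALL_USERS, ANY_AWS_ACCOUNT):
                exposure |= ACL_EFFECT.get(grant["Permission"], set())
    if policy_json and not bpa.get("RestrictPublicBuckets"):
        for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
            # Simplification: any Condition is assumed to narrow access, and
            # NotAction / NotPrincipal statements are not evaluated.
            if (stmt.get("Effect") != "Allow" or stmt.get("Condition")
                    or not _wildcard_principal(stmt.get("Principal"))):
                continue
            for pattern in _as_list(stmt.get("Action", [])):
                exposure |= {kind for kind, acts in POLICY_ACTIONS.items()
                             if _matches(pattern, acts)}
    return exposure

# Constructed sample inputs (not taken from any real bucket).
SAMPLE_GRANTS = [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]
SAMPLE_POLICY = json.dumps({"Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:Put*",
    "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    print(sorted(public_exposure(SAMPLE_GRANTS, SAMPLE_POLICY)))
```

Passing the bucket's Block Public Access settings as `bpa` shows which findings are already neutralized: `IgnorePublicAcls` removes the ACL-based exposure and `RestrictPublicBuckets` removes the policy-based one.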

Pentesting RDS Instance

  • Perform OSINT and reconnaissance activities to identify RDS instances of the target organization.
  • Use Google Dorks along with Shodan and Censys to identify RDS instances with the database service port left open to the public.
  • Identify RDS snapshots on AWS that may have been left public accidentally.
  • Enumerate RDS instances to identify build and version numbers.
  • Look for publicly available exploits for the identified build and version.
  • Use automated tools to enumerate database users for publicly accessible DB service.
  • Exfiltrate sensitive data from RDS snapshots and leverage the same to gain further access into the cloud infrastructure.
  • Brute force publicly accessible DB service to breach the database and gain further access to sensitive data.

Pentesting Lambda and Serverless Endpoints

  • RASP triggers an alarm only in case of successful attacks, as it goes beyond perimeter security and finds vulnerabilities in the application at runtime.
  • Integrate RASP to hook into the application at runtime.
  • Identify the input parameters of each function and test for injection vulnerabilities.
  • Perform source code review of the Lambda function to identify possible vulnerabilities.
  • Exploit injection vulnerabilities to get code execution and/or exfiltrate data from the cloud.
  • Use discovered flaws to exfiltrate environment variables and steal AWS keys and SSH keys to gain further access into the AWS infrastructure.

Privilege Escalation and Persistence

  • Use the initial foothold to gather sensitive information like AWS keys, SSH keys, etc.
  • Determine the level of access achieved with the stolen keys.
  • Use automated tools like Boto3 and Pacu to enumerate IAM roles, policies, and profile permissions.
  • Bypass the GuardDuty detection mechanism to maintain stealth during the enumeration phase.
  • Leverage poorly configured IAM roles and policies to escalate privileges.
  • Use escalated privileges to gain further access into the network.
  • Backdoor IAM roles and profile permissions to maintain access to the AWS infrastructure.

Security Configuration Audit

  • Use the initial foothold to gather sensitive information like AWS keys, SSH keys, etc.
  • Determine the level of access achieved with the stolen keys.
  • Use automated tools like Boto3 and Pacu to enumerate IAM roles, policies, and profile permissions.
  • Bypass the GuardDuty detection mechanism to maintain stealth during the enumeration phase.
  • Leverage poorly configured IAM roles and policies to escalate privileges.
  • Use escalated privileges to gain further access into the network.
  • Backdoor IAM roles and profile permissions to maintain access to the AWS infrastructure.
