Cloud Pentesting – Security in Cloud Infratructures
SEC Consult helps you uncover attack vectors in your cloud and container infrastructure. With our sophisticated exploits and expertise, we identify vulnerabilities, misconfigurations, paths for privilege escalation, lateral movements between environments, and even breaches in on-premises infrastructure.
SEC Consult ensures the protection of your company and end users by subjecting the security of Cloud- and Container Infrastructure to thorough analyses. We rely on industry best practices for this purpose.
The goal of our penetration tests is to examine your cloud infrastructure for vulnerabilities and misconfigurations. We focus on simulating real attacks and combine different security gaps in the cloud through privilege escalation and lateral movement to replicate the actual movement patterns of an attacker.
Our experienced security consultants are happy to assist you with targeted vulnerability analysis in the cloud through penetration tests on all major cloud hyperscalers, such as Azure, AWS, or GCP. Furthermore, we also conduct dedicated Kubernetes penetration tests and analyses of Docker.
Cloud Security by Experts
SEC Consult can provide them.
Our Expertise
Our experienced cloud penetration testers conduct over 100 cloud penetration tests each year and refine their skills through leading certifications as well as external and internal training in the industry. Building our expertise in cloud security is our top priority to stay one step ahead of attackers. This allows our experts to identify vulnerabilities in your infrastructure before attackers do. Our team holds the following certifications, among others:
Process of a Cloud Penetration Test:
An important aspect of our work is to educate you on how real attacks occur and provide you with measures to effectively mitigate threats and vulnerabilities. Therefore, we place a strong emphasis on conveying knowledge in an understandable manner. In the following Cloud Live Hacking session, we will gladly demonstrate how attacks in the cloud take place and how various attack techniques are combined.
(Video only available in German)
Our experienced security consultants address the following classes of vulnerabilities in the cloud penetration tests we conduct:
- Insecure identity and access management
- Disclosure of sensitive information in deployments or environment variables
- Public accessibility of cloud resources, such as storage accounts
- Use of outdated software in virtual machines
- Insecure handling of source code in serverless computing
We place a high value on a holistic view and carry out attacks on the data plane and the control plane of your cloud infrastructure.
FAQ – Frequently Asked Questions
In the Assumed Breach method, it is generally assumed that an attacker has managed to overcome the initial protective measures of a company and is now inside the internal network with valid user credentials. In the context of a cloud penetration test, this means that the security consultant gains access to low-privileged user data, allowing them to interact with the client's cloud infrastructure. These can include different types of user accounts, such as:
- Dedicated viewer/reader-only roles
- Regular user accounts
- Service accounts of a cloud resource, like a virtual machine
From this perspective, the cloud penetration tester begins to enumerate the infrastructure and identify misconfigurations. By combining various misconfigurations, vulnerabilities can be created that can be exploited to further navigate within the cloud environment.
No, all cloud providers follow a form of the 'Shared Responsibility Model'. This means that cloud providers take care of part of the security depending on the type of resource. However, the general rule is: 'If you can touch it, you own it' - in other words, if you can change the settings for a resource or decide what to execute, the security is generally your responsibility. It's important to remember: even if it is a fully managed service, you are responsible for the data you upload and the access rights.
AWS, Azure, and GCP have now abolished the requirement to inform them about penetration tests of resources in their infrastructure. Each provider has established a set of rules regarding which services and actions are allowed without needing to inform them. Generally, it can be said that this is similar to the 'shared responsibility model.' This means that penetration tests on resources that you manage yourself are allowed. On the other hand, no provider allows testing of Distributed Denial of Service (DDoS) attacks or attacking other customers. SEC Consult can assist you in understanding the specific conditions to determine whether it is necessary to inform the cloud provider in your particular case.
Our experienced security consultants typically require the following accounts to conduct the cloud penetration test.
Rolle | Beschreibung |
| Reader | Dieser Benutzer sollte Reader/Viewer Berechtigungen auf alle Ressourcen innerhalb des Scopes des Tests besitzen. Dieser Benutzer wird während des Tests zur Identifikation der Ressourcen im Scope und von gängigen Fehlkonfigurationen verwendet. |
| Niedrig privilegierter Benutzer | Dieser Benutzer stellt den Startpunkt für die Privilege Escalation während des Penetrationstests dar. Es wird im Rahmen des Penetrationstest angenommen, dass dieser niedrig privilegierte Benutzer von eine Angreifer kompromittiert wurde. |
Kubernetes itself represents its own infrastructure. In the context of a cloud penetration test, this is an infrastructure within a cloud infrastructure. This also means that Kubernetes can be tested independently of the cloud provider. However, it is less meaningful to do so if you want to assess the security of your cloud infrastructure, in which you are using a Kubernetes cluster. In that case, it should be part of the cloud penetration test, as there are privilege escalation attacks on the permissions in the cloud via Kubernetes.
Generally, it is always possible to conduct a Kubernetes penetration test independently.