AWS and Azure Controls Assessment
We work side-by-side with your teams to validate the effectiveness of your protection and detection capabilities and identify areas to improve your controls. We cover the following areas:
Security Architecture Assessment
We review your design and perform application and architecture threat modelling in consideration of your users, customers, data flows and application functionality.
Authentication and Authorization Controls
We perform application and architecture threat modelling, and use penetration testing techniques with different user roles in attempts to circumvent controls and escalate privileges.
Configuration and Host Build Review
We look for configuration weaknesses and provide security hardening recommendations for the application and the infrastructure supporting your cloud applications.
AWS IAM Exploitation
By Evan Perotti
In AWS, authorization is governed by the Identity and Access Management (IAM) service. Unfortunately, as most software configuration goes, there is ample opportunity for misconfigurations that result in security vulnerabilities. As it pertains to AWS IAM, this typically manifests as privilege escalation. However, in some cases, it can result in something as severe as unauthorized account access. In this blog post, I will cover general classes of IAM exploitation and privilege escalation techniques.
Protect your devices.
Learn how we can help test and improve the security of your team’s multi-faceted devices.