Azure Cloud is one of the most popular and widely used cloud providers, not only because of its services but also because of its easy integration with on-prem Active Directory. The Cloud Azure Pentest covers a wide range of scenarios, from ARM (Azure Resource Manager) to AAD (Azure Active Directory), and ensures that your cloud infrastructure is safe and protected from intruders.
TESTING APPROACH
- Configuration review
- Security best practices
- Storage account access
- Inbound/Outbound rules
- Managed Identities
- AAD Hardening
- Public access review
- Automated scanning
- Access control
Deliverables
- Scoping meeting
- Statement of work
- Automated scanning
- Manual pentesting
- Technical report
- Executive summary
- Presentation meeting
- Retest of mitigations
Blog Articles
- How I made 300 GitHub repos point to my blog using Azure subdomains takeover
- Create an Azure Vulnerable Lab: Part #1 – Anonymous Blob Access
- Create an Azure Vulnerable Lab: Part #2 – Environment Variables
- Create an Azure Vulnerable Lab: Part #3 – Soft Deleted Blobs
- Create an Azure Vulnerable Lab: Part #4 – Managed Identities
- Create an Azure Vulnerable Lab: Part #5 – Cloud Init
- Create an Azure Vulnerable Lab: Part #6 – AAD Enumeration and Password Spraying