Cloud Penetration Testing

Pentesting methodologies in Cloud is completely different from traditional pentesting procedures. The benefit of using cloud services is that it gives organizations and individuals the ability to quickly, and efficiently scale web service needs on a reliable, and flexible platform.

Get Started

Baseel caters services in these mentioned areas

  • Azure
  • Amazon Web Services (AWS)
  • Google Cloud Platform (GCP)


    Following are the Security Assessment that are performed on an cloud environment


    Performing penetration testing becomes more and more important every day for your business as it would be easy to spend time and money in the wrong places.

    Cloud Penetration Testing Test Cases

    • Test for Unauthenticated Bucket Access
    • Test for Semi-Public Bucket access - Improper ACL permission
    • Targeting and compromising Access keys in git commit
    • Test for Extracting keys from an EC2 instance
    • Exploiting Security Misconfigurations
    • Testing to exploit EC2 instance
    • Exploiting Internal Cloud Services using Lambda or other backdoors
    • Test for Subdomain Takeover
    • Testing for Privilege Escalation
    • Test for RCE attack
    • Test for AWS Role Enumeration(IAM)
    • Test for EC2 service to exploit privilege escalation
    • Test for AWS Iam enumeration : Bypassing CloudTrail Logging
    • Test for BitBuckted Server data for credentials in Azure
    • DNS rebinding to compromise the cloud environment
    • Test for Change of local windows / Linux logs
    • Test to Create jobs or serverless actions to add root certificates and ssh private keys to machines and users
    • Test to Create an additional interface / assign an IP address in target network / subnet on a compromised machine (like assigning a secondary private IPv4 address or interface to an EC2 instance
    • Steal virtual machine images from storage accounts, analyze them for passwords, keys and certificates to access live systems (like VM VHD snapshots from storage accounts)
    • Test to Gain OS level access to Instances/VMs via workload management service privileges (AWS SSM)
    • Create systems management commands or abuse instance metadata for scheduled and triggered command and control (AWS systems manager, modify EC2 UserData to trigger a reverse shell)
    • Test to Run or deploy a workload with an assigned/passed service or role, export instance credentials for those privileges (such as EC2 passed role and meta credentials)
    • Fingerprint server and application versions and frameworks, detect sensitive PII in application logs
    • Test for CSV injection in CloudTrail
    • Tested for AWS secrets accessible via meta-data
    • Attempt load balancer MiTM for session hijacking (elb) by cloud service configuration or load balancer instance compromise
    • Steal credentials from metadata of proxy or http forwarding servers (credentials in cloud meta)
    • Steal cloud workload credentials (AWS metadata sts or Azure Linux Agent (waagent) folder credentials)
    • Steal credentials from or leverage privilege to operation of a cloud key service (aws kms, azure key vault
    • Alter data in datastore for fraudulent transactions or static website compromise (s3, rds, redshift)
    • Alter a serverless function, logic app or otherwise a business logic implementation for action on objective or escalation (AWS lambda or Azure logic apps)
    • Alter data in local sql or mysql databases
    • Operate in regions where logging is not enabled or disable global logging (like CloudTrail)
    • Alter log files in a non-validated log store or disable validation (like cloud trail log validation)
    • Tesed for Disable network traffic analysis / logging (VPC flowlogs)
    • Tesed for Disable cloud alerting to prevent detection and response (like cloudwatch alerts, GuardDuty, Security Hub, or Azure Security Center)
    • Tesed for Disable data store access logging to prevent detection and response (cloudtrain data access, s3 access logging, redshift user activity)
    • Alter log retention or damage the integrity of logs (s3 lifecycle, kms decryption cmk key deletion/role privilege lockout)
    • Process hooking, process injection, windows access token manipulation, leveraging misconfigured sudo capabilities
    • Test to Create or reset a login, access key or temporary credential belonging to a high privilege user (like iam:CreateAccessKey, sts or iam:UpdateLoginProfile)
    • Test to Change the default policy for a user or new users to include additional privileges (like setdefault-policy-version)

    Baseel Limited

    Insight >> Integrity >> Impact >>