Cloud Infrastructure Security Review

Cloud providers offer a low-cost alternative for companies looking to run their infrastructure while meeting a couple of crucial commitments, such as agility and instant elasticity, and remaining open, flexible, and secure. However, the use of cloud technologies increases risk in your organization, impacting confidentiality, privacy, integrity, regulatory compliance, availability, and e-discovery.

A Cloud Infrastructure Security Review critically and comprehensively examines the logical network, applications, and services hosted by the cloud, helping you to avoid serious pitfalls while assuring your clients that your cloud solution is secure.

Through Binary Brotherhood’s proven experience, we help clients to identify and fix any potential problems via two different approaches:

1. The “Blackbox” approach

This is a passive and active assessment of exposed resources, looking for potential misconfigurations or other implementation flaws. The following example checks will be performed:

  • API services and their current configuration
  • AWS credential leaks (access key, secret key)
  • AWS environment web page guessing (Kibana, etc.)

2. The “Inside man” approach

The client provides a secured account for the company's AWS management console. Binary Brotherhood will assess the level of risk posed by a malicious actor who has succeeded in gaining access inside the client's AWS environment. The following example checks will be performed:

  • EC2 instance exploitation or aiming to compromise running applications
  • Testing S3 bucket configuration and permission flaws which might lead to sensitive data exposure or compromised audit trail logs
  • User privilege escalation
  • Unauthenticated S3 bucket access
  • Serverless function alteration
  • Business logic implementation exploitation
  • AWS roles enumeration (IAM access keys)
  • CloudTrail logging bypass
  • Root certificate and SSH keys manipulation
  • VM image exfiltration (to steal credentials, keys, certificates, etc.)
  • Credentials exfiltration through metadata
  • Default policy manipulation
  • Security groups design and configuration
  • AWS admin console access policy
  • Access whitelisting entries

We will also test your identity access for privilege escalation and different malicious actions (assuming one account is compromised) and review the security group configuration that allows connectivity between your systems.

We will present a detailed report with our findings and, as your trusted partner, work with your team to address the security findings.