Microsoft Cloud Breach Assessment
Today’s technology is rapidly adopting cloud technology to assist organisations in moving to a cloud based or hybrid infrastructure to provide flexible, redundant and cost-effective computing on an enterprise level. The main issues associated with this technology is its inherent availability and default configuration, which is often exploited by attackers as they can easily access and attack these services with little risk of identification. A compromised account could prove fatal for most organisations as attackers could access resources located in the cloud, and internal resources in hybrid environments.
Pentest People’s Microsoft Cloud Breach Assessment service is similar to our Microsoft Cloud Security Review assessment; the main difference is our approach to the testing. Instead of reviewing the configuration, we identify the vulnerabilities with practical exploitation from the perspective of a compromised account. The goal of this Microsoft (MS) Cloud Breach Assessment is to provide insight into the complications and consequences caused by weak security configurations, controls, and password usage. The test can be conducted with multiple accounts that represent different departments to cover all access levels.
Listen to one of our Cloud Testing experts
breakdown this Pentest People Service
Pentest People’s technical approach to each infrastructure may be very different. However, there are certain fundamental areas that are examined:
Open-Source Intelligence (OSINT)
The Microsoft Cloud Security Review has a strong focus on publicly available information that could be leveraged in targeted attacks. Information such as links to cloud resources, document metadata, email addresses, and leaked credentials, are gathered to identify common and applicable attacks from unauthenticated attackers.
Azure & Office 365 Security Assessment
The Office 365 and Azure instances are thoroughly tested using one or more domain user accounts to find exploitable vulnerabilities, which could lead to (but not limited to) data infiltration and exfiltration, privilege escalation and entity creation. This assessment aims to demonstrate what could happen if a domain user was compromised.
What Are The Risks?
Due to the rapid adoption of Microsoft’s cloud services, many companies that have embraced this technology are facing new and old cyber risks that can lead to the compromise of customer-owned cloud platforms, and on-premise infrastructures with hybrid cloud setups. All of which can have devastating consequences to any organisation.
How Can Our Microsoft Cloud Breach Assessment Help?
Our cloud trained consultants will identify vulnerabilities with practical exploitation of a compromised account. This test will give insight into your faulty configurations, controls and poor password usage. Our highly trained consultants can perform the test on multiple accounts to cover all access levels.
With our Microsoft Cloud Breach Assessment, you gain access to SecurePortal
Until now, the traditional deliverable from a Penetration Test engagement has been a lengthy 100+ page PDF report.
Pentest People have developed a solution to this issue where you interact with your vulnerabilities within the SecurePortal.
With the move to Cloud being a relatively new aspect within businesses its of great importance to make sure you’re set up correctly.
Stay ahead of emerging threats against Cloud Infrastructures by ensuring your platform follows best practices
Rest assured that your assessments are performed by qualified Security Consultants.
Our specialised team of security consultants hold industry qualifications such as CHECK Team Member & Team Leader, CCIE, CISSP and CEH.
Cloud Services Overview Transcript
Pentest people’s team of Microsoft Cloud security experts are on hand to assess all of your Microsoft Cloud offerings. Our Microsoft cloud services are broken down into three separate offerings. The first is the Azure configuration review.
This takes a look at all your virtualized infrastructure, and compares that to security best practices published by cis, Microsoft’s own recommendations and recommendations that we have built up ourselves over years of testing. For example, it will look at how your VMs are deployed, how network security groups are enabled. And indeed, it will also review your Azure AD one of the most key parts of any Azure deployment.
The second part of our offerings is the office 365 configuration review. This configuration review looks at the security settings within Office 365. These are your sharing settings, your mail, ingress and egress and other pertinent security settings that are part of the office 365 technology stack. Again, as part of this engagement, your Azure AD is looked at.
The third offering is our Microsoft breach assessment. This is where a consultant will login with a low permission user. Generally mimicking what would happen if a phishing attack were successful. They will then attempt to access areas in the portal they shouldn’t have access to glean sensitive information from file sharing sites like SharePoint and OneDrive, and gain further information about how the organisation is structured using things like mail. And Azure AD itself.
The three of those can then be combined into a premier offering the Microsoft cloud readiness assessments. This takes all three individual parts of our Microsoft Cloud offerings and combines them into one engagement that will show you in incredible detail exactly how secure your online cloud platforms are. That’s been cloud services. Thank you
Understand the security issues you face within a cloud network through a very thorough assessment from a qualified security consultant.
- Assurance that your cloud infrastructures and services are secure enough to withstand cloud-based attacks
- Ensuring sufficient logging and controls are in place to mitigate these attacks.
- Comply with various regulatory bodies who mandate regular Penetration Testing be performed within your infrastructure
- Be able to focus efforts on important security issues by identifying the high-risk items identified in the Penetration Testing report