Azure Penetration Testing is About Protecting Your Resources
Azure Penetration Testing is a cloud penetration scenario on the Microsoft cloud, Azure. Seculyze is specialized in Microsoft Azure. It follows the same process as Infrastructure Penetration Testing and has the same goal of exposing misconfigurations and vulnerabilities within the environment to be one step ahead of any attackers, however the contents differs slightly as focus is on resources
Generic Process with an Azure Twist
At Seculyze, we use the generic Penetration Testing Process as depicted in the overall pentesting offering. Two main phases are further split into sub-phases to describe the special nature of Azure Penetration Testing. The phases are identical to the Infrastructure Penetration Testing process, but the contents of the phases vary.
- Phase 2: Discover is divided into the subphases 2a: Scan and 2b: Path
- Phase 3: Attack is divided into the subphases 3a: Exploit and 3b: Access
Azure
Process
Four generic phases based on generic process based on NIST 800-115 of which two are divided into sub-phases in the Azure Penetration Testing process
Plan
The scope and rules of engagement are defined. Part of the scope for Azure Penetration Testing could be to assess the configuration of a certain resource. If it is a black box test, resources are also discovered
Enumerate and scan
Seculyze try to find the Azure services, a specific tenant uses. Reconnaissance of the environment could include virtual machines, storage accounts, applications, databases, networking, user without MFA and vulnerable configuration. Information from Defender for Cloud or other Microsoft security products could also be collected for assessment
Determine attack paths
We analyze the attack surface to ensure more effective attacks. Seculyze identifies the entry points and loopholes. These might be taking over devices or gathering data for further vulnerabilities. The most effective attack path is determined
Exploit vulnerable attack path
Our main goal is to gain access to high privileged data, accounts or the goal that is set forth in the planning phase of the project. The exploitation and penetration is done in the weakest resources or services found in the analysis. This step might lead to the need for further discovery in step 2A or 2B
Access business critical assets
Our main goal is to gain access to high privileged data, accounts or the goal that is set forth in the planning phase of the project. Additional discovery is sometimes needed, to gain more knowledge to exploit some weakness, install additional software or extract information
Report
The report from the Azure Penetration Testing contains results and confidential information about internal systems. Therefore it will show all the misconfigurations found rated by criticality. It can include a variety of permission-based vulnerabilities to configuration-based vulnerabilities
What is the Difference?
…and why is Azure Pentration testing harder than Infrastructure Penetration testing?
A cloud penetration test – in this case Azure Penetration Testing – focuses on resources and the setup of cloud services like Office365, Azure AD and different cloud resources used by the client such as storage accounts or databases. While the procedure is the same, the tools differ and so does the knowledge to conduct the penetration test.
In the attack phase, gaining access, escalating privileges, system browsing, and installation of additional tools can be easier or more difficult depending on your setup in the Cloud. Therefore, the output can also be recommendations to the security architecture as described in one of our other services, depending on the scope of the penetration test performed.
Want to know more about Azure Penetration Testing?
