Skip to main content

Navigation Call to Actions

Microsoft Cloud Breach Assessment

Pentest People Stand: N74


Microsoft Cloud Breach Assessment

Today’s technology is rapidly adopting cloud technology to assist organisations in moving to a cloud based or hybrid infrastructure to provide flexible, redundant and cost-effective computing on an enterprise level. The main issues associated with this technology is its inherent availability and default configuration, which is often exploited by attackers as they can easily access and attack these services with little risk of identification. A compromised account could prove fatal for most organisations as attackers could access resources located in the cloud, and internal resources in hybrid environments.

Pentest People’s Microsoft Cloud Breach Assessment service is similar to our Microsoft Cloud Security Reviewassessment; the main difference is our approach to the testing.  Instead of reviewing the configuration, we identify the vulnerabilities with practical exploitation from the perspective of a compromised account. The goal of this Microsoft (MS) Cloud Breach Assessment is to provide insight into the complications and consequences caused by weak security configurations, controls, and password usage. The test can be conducted with multiple accounts that represent different departments to cover all access levels.

Open-Source Intelligence (OSINT)

The Microsoft Cloud Security Review has a strong focus on publicly available information that could be leveraged in targeted attacks. Information such as links to cloud resources, document metadata, email addresses, and leaked credentials, are gathered to identify common and applicable attacks from unauthenticated attackers.

Azure & Office 365 Security Assessment

The Office 365 and Azure instances are thoroughly tested using one or more domain user accounts to find exploitable vulnerabilities, which could lead to (but not limited to) data infiltration and exfiltration, privilege escalation and entity creation. This assessment aims to demonstrate what could happen if a domain user was compromised.

How Can We Help?

Our cloud trained consultants will identify vulnerabilities with practical exploitation of a compromised account. This test will give insight into your faulty configurations, controls and poor password usage. Our highly trained consultants can perform the test on multiple accounts to cover all access levels.

View all Exhibitor Products