Cloud Security Testing
Lares’ cloud services testing reflects our deep insight into tactics, techniques, and procedures (TTPs) leveraged by attackers across the three major clouds, Azure and Azure Active Directory, Google Cloud Platform (GCP), and Amazon Web Services (AWS) and Infrastructure, Platform, and Software service models (IaaS, PaaS, and SaaS, respectively). We possess significant expertise in the areas of configuration and architectural reviews, cloud attack methodology, and advanced persistent threat (APT) simulation.
- Domain 1: Cloud Computing Concepts and Architectures
- Domain 7: Infrastructure Security
- Domain 8: Virtualization and Containers
- Domain 9: Incident Response
- Domain 10: Application Security
- Domain 11: Data Security and Encryption
- Domain 12: Identity, Entitlement and Access Management
Our attack methodology extends beyond the cloud maturity due diligence and baseline guidance to sophisticated attack methodology, enumeration, credential theft, and access privilege escalation, and persistence, specialized chained attacks, and cloud attack simulation. Armed with attack expertise in Azure, GCP, and AWS, our cloud resources use custom tools and methods to replicate modern APT groups and advanced threat actors.