Cobalt’s Microsoft Azure cloud-based security configuration review is an exercise in which our Cobalt Core team of pentesters carries out an assessment of the Azure-based cloud environment and all of its internal and external components. At Cobalt we follow an industry-standard methodology based primarily on Microsoft security best practices, supplemented by additional security testing methodologies such as ASVS and OWASP. Furthermore, we follow Microsoft’s penetration testing rules of engagement to avoid causing downtime.
We perform the following steps to ensure full coverage:
Logistics
The pentesters require read-only Identity and Access Management (IAM) API credentials for each Azure account on which the configuration review is to be performed.
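A quick way to confirm, before testing starts, that the credentials handed over really are read-only is to inspect the role assignments attached to the reviewer's principal. The example below is added here and is not Cobalt's tooling; it assumes the JSON shape produced by `az role assignment list --all -o json` (a list of objects with `principalName`, `roleDefinitionName` and `scope` keys), uses a constructed sample in place of live output, and treats a small, adjustable allow-list of built-in roles as read-only.

```python
"""Check that the Azure credentials handed to the review team are read-only.

Added example, not Cobalt's own code. Assumes the JSON shape returned by
`az role assignment list --all -o json`.
"""
import json

# Built-in Azure roles treated as read-only for this check. This is a
# constructed allow-list; extend it to match what your organisation
# considers read-only.
READ_ONLY_ROLES = {"Reader", "Security Reader", "Monitoring Reader"}

# Constructed sample of `az role assignment list --all -o json` output,
# trimmed to the fields the check needs. The subscription id is a placeholder.
SAMPLE_ASSIGNMENTS = json.dumps([
    {"principalName": "pentest-sp", "roleDefinitionName": "Reader",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
    {"principalName": "pentest-sp", "roleDefinitionName": "Contributor",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-prod"},
    {"principalName": "ops-admin", "roleDefinitionName": "Owner",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
])


def assignments_for(assignments_json: str, principal: str) -> list:
    """All role assignments whose principalName matches `principal`."""
    return [a for a in json.loads(assignments_json)
            if a.get("principalName") == principal]


def excess_assignments(assignments_json: str, principal: str) -> list:
    """(role, scope) pairs for `principal` that are NOT in the allow-list.

    Each pair identifies a role that should be removed before the review
    begins, so that testing cannot accidentally change the environment.
    """
    return [(a["roleDefinitionName"], a["scope"])
            for a in assignments_for(assignments_json, principal)
            if a.get("roleDefinitionName") not in READ_ONLY_ROLES]


def has_read_only_access(assignments_json: str, principal: str) -> bool:
    """True only if the principal has at least one assignment and all of
    them are read-only. A principal with no assignments has no access at
    all, which is a logistics problem rather than a read-only setup."""
    mine = assignments_for(assignments_json, principal)
    return bool(mine) and not excess_assignments(assignments_json, principal)


if __name__ == "__main__":
    for role, scope in excess_assignments(SAMPLE_ASSIGNMENTS, "pentest-sp"):
        print(f"non-read-only role {role!r} on {scope}")
```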
Targeted scope reconnaissance
Initially, testers examine the provided documentation and the confirmed scope. Various tools are used to confirm which components and technologies are present within the environment.
An external scope discovery exercise is also performed during this initial stage to determine the discoverable attack surface and the externally exposed landscape. This step is usually performed to ensure that all the necessary levels of access have been granted, that the scope is fully accessible to the pentesters, and that externally exposed components are reachable.
This stage usually enables the pentesters to develop an assessment execution plan that is then followed throughout the rest of the engagement.
ℹ️ During this phase, testers use multiple reconnaissance scanning tools, such as Azucar or ScoutSuite.
Note: The tools testers use may vary from test to test.
Component enumeration
During this stage, automated component discovery and enumeration within the Azure environment is performed using the client-provided Azure access keys.
The goal of this exercise is to gather as much information as possible about the components in use within the environment, to assess their potential impact on the environment itself using the various tools, and to perform basic scans of the existing configuration.
Pentesters use this phase to become familiar with the internal Azure footprint and obtain detailed reports from various tools on the current setup of cloud components, such as Azure Cloud Storage.
ℹ️ During this phase, testers use multiple component scanning tools, such as Azucar or ScoutSuite.
Note: The tools testers use may vary from test to test.
Automated component configuration assessment
In the third phase of the Azure cloud configuration review, Cobalt pentesters review the tool reports in order to determine the risks across the environment. All the reports from the different tooling are gathered and analyzed in detail, and compared against any client-defined areas of focus.
Any detected anomalies or misconfigurations are re-tested and confirmed prior to the risk assessment exercise. We perform risk assessment exercises based on a CIS industry best practices template and score all risks based on their impact and likelihood.
ℹ️ During this phase, testers use multiple configuration scanning tools, such as Azucar or ScoutSuite.
Note: The tools testers use may vary from test to test.
Automated and manual assessment of externally exposed services
Based on the scope provided by the client, Cobalt pentesters perform a manual and automated external assessment of all the externally exposed systems and services. The goal of this phase is to perform a basic vulnerability assessment and to detect any service-related vulnerabilities that were not identified during the internal configuration scans.
Additionally, for any configuration-related findings that have an external impact, pentesters confirm these through the public interfaces, using the endpoint web addresses gathered internally.
ℹ️ During this phase, testers use multiple configuration scanning tools, such as Azucar or ScoutSuite.
Note: The tools testers use may vary from test to test.
Architectural design analysis
Usually the last stage of the active Azure security assessment is a manual review of the Azure architecture provided by the client. During this stage, pentesters review and assess the overall Azure layout from a risk perspective and ensure that there are no security-related design issues. The design of the Azure infrastructure is crucial to ensuring that the overall security posture of the environment is satisfactory and able to deter ever-evolving threats.
ℹ️ During this phase, testers use multiple configuration analysis tools, such as Azucar or ScoutSuite.
Note: The tools testers use may vary from test to test.
Cobalt pentesters follow industry best practices when reviewing the architecture and combine the findings with the component configuration reports to make sure that risks are assessed realistically.
Additionally, at the client's request and to ensure better coverage, it is possible to gather additional information on internal procedures such as CI/CD, patching, and access granting. That way Cobalt pentesters are able to fully assess and advise on the overall security posture.
Reporting, triaging, and additional testing
Pentesters report and triage all vulnerabilities during the assessment itself. We provide details on all of the findings discovered by our pentesters through our online platform, so clients have full visibility of discoveries in real time.
In the findings and the final report, pentesters provide detailed remediation steps and advice on further improvements to the security posture.
The client can perform remediation of critical discoveries during and after the testing timeframe, and pentesters can test the updated components and re-test the discovered issues to confirm that no residual risk remains for the client from a security perspective.
Common tools used during these assessments
For more information on the testing tools mentioned above, see the following resources: