Infrastructure-as-a-Service Penetration Testing

THREATS, TACTICS AND PROCEDURES (TTP)
MITRE’S ATT&CK®
IaaS Pen Test
Initial Access to IaaS by Adversaries
1. Exploit Public-facing apps.
2. Trusted Relationship.
3. Valid Accounts.
Execution of Adversaries in the IaaS
1. User Execution.
Persistence of Adversaries in the IaaS
1. Account Manipulation.
2. Create an Account.
3. Implant an Internal Image.
4. Valid Accounts.
Privilege Escalation in the IaaS by Adversaries
1. Valid Accounts.
Defence Evasion of Adversaries in the IaaS
1. Impair Defenses. 
2. Modify Cloud Compute Infrastructure.
3. Unused or Unsupported Cloud Regions.
4. Valid Accounts.
Credential Access of the IaaS by Adversaries
1. Brute Force Attacks.
2. Insecure Credentials.
Discovery of IaaS by Adversaries
1. Account Discovery. 
2. Cloud Infrastructure Discovery. 
3. Cloud Service Dashboard. 
4. Cloud Service Discovery. 
5. Network Service Scanning.
6. Permission Group Discovery.
7. Software Discovery.
8. System Information Discovery.
9. System Location Discovery.
10. System Network Connections Discovery.
Collection of Data in the IaaS by Adversaries
1. Data from Cloud Storage Object.
2. Data Staged.
Exfiltration of Infrastructure-as-a-Service (IaaS)
1. Transfer data to a Cloud Account.
Impact of Infrastructure-as-a-Service (IaaS) Hacks
1. Data Destruction.
2. Data Encrypted for Impact.
3. Defacement.
4. Endpoint Denial of Service.
5. Network Denial of Service.
6. Resource Hijacking.