Cloud Pentest Requirements
🛡️ AWS
We need the following roles to perform a misconfiguration check that follows the CIS Benchmarks guidelines:
✅ ReadOnlyAccess
✅ SecurityAudit
Privilege escalation
✅ If the client has defined different types of roles in their cloud environment, we need at least two sets of credentials representing these roles to test privilege escalation; more than two sets can also be provided.
🛡️ Azure and MS365
We need the following roles to perform a misconfiguration check that follows the CIS Benchmarks guidelines:
✅ Directory Read All
✅ Application Read All
✅ Security Reader
✅ Permission to Read All
Privilege escalation
✅ If the client has defined different types of roles in their cloud environment, we need at least two sets of credentials representing these roles to test privilege escalation; more than two sets can also be provided.
✅ This can only be tested if there are actual users in the environment.
🛡️ GCP
We need the following roles to perform a misconfiguration check that follows the CIS Benchmarks guidelines:
✅ Viewer
✅ Security Reviewer
✅ Service Usage Admin
✅ Stackdriver Accounts Viewer
Privilege escalation
✅ If the client has defined different types of roles in their cloud environment, we need at least two sets of credentials representing these roles to test privilege escalation; more than two sets can also be provided.
🛡️ Google Workspace
We need the following roles to perform a misconfiguration check that follows the CIS Benchmarks guidelines:
✅ Superadmin