
You're reading from  Cloud Penetration Testing for Red Teamers

Product type: Book
Published in: Nov 2023
Reading level: Intermediate
Publisher: Packt
ISBN-13: 9781803248486
Edition: 1st Edition
Author: Kim Crawley

Kim Crawley is a thought leader in cybersecurity, from pentesting to defensive security, and from policy to cyber threat research. For nearly a decade, she has contributed her research and writing to the official corporate blogs of AT&T Cybersecurity, BlackBerry, Venafi, Sophos, CloudDefense, and many others. She has been an internal employee of both Hack The Box and IOActive, a leading cybersecurity research firm. With the hacker mindset, she hacked her way into various information security subject matters. She co-authored one of the most popular guides to pentester careers on Amazon, The Pentester Blueprint, with Philip Wylie for Wiley Tech. She wrote an introductory guide to cybersecurity for business, 8 Steps to Better Security, which was also published by Wiley Tech. She also wrote Hacker Culture: A to Z for O'Reilly Media. To demonstrate her knowledge of cybersecurity operations, she passed her CISSP exam in 2023. In her spare time, she loves playing Japanese RPGs and engaging in social justice advocacy. She's always open to new writing, research, and security practitioner opportunities.

How Are Cloud Networks Cyber Attacked?

When you begin your journey to becoming a cloud pentester, it helps to start with the basics.

Your job is to test cloud networks to see how they can be cyber attacked. The organization you work for can then use your discoveries to improve the cybersecurity of its cloud networks.

Because Amazon (AWS), Microsoft (Azure), and Google (GCP) own the infrastructure on which you’ll be testing, you won’t be allowed to do everything a cyber attacker may try to do in real life. But you need to understand all the kinds of cyberattacks that cloud networks deal with, even if you can’t simulate all of them.

The best pentesters can think like real cyber attackers. This chapter will give you a better understanding of how cloud networks are cyber attacked in order to help you conduct more effective pentests.

In this chapter, we’ll cover the following main topics:

  • Understanding penetration testing
  • External...

Understanding penetration testing

Penetration tests (or pentests for short) are simulated cyberattacks that are designed to find vulnerabilities in computer networks and applications. The biggest difference between a pentest and an actual cyberattack is that the former is conducted with the full consent of the owner of the computer or network, whereas the latter isn’t.

As a pentester or red team member, not only will you need consent from the owner of the target you’re testing, but you’ll also have to sign a legal agreement that explains in detail what you’re allowed to do, what you’re forbidden from doing, and the scope of your pentest. This applies whether you’re an employee of the organization being pentested, a third-party contractor of the organization being pentested, someone who conducts simple one-off pentests, or a red team member who pentests as part of your red team engagements.

Whether or not an organization has a red team...

External and internal attacks

When your organization’s defensive security team prepares for cyberattacks, it needs to understand each and every step that threat actors take when they try to maliciously interfere with your data. No cyber intrusion is a one-step process. Ransomware may have needed an employee to accidentally execute an email attachment before it spread between poorly configured cloud instances. A data breach may have required bribing an employee and giving them a USB stick with custom-designed spyware.

The MITRE ATT&CK database (https://attack.mitre.org/) is an excellent resource to help all kinds of cybersecurity professionals understand the various steps cyber threat actors take when they engage in their crimes. I will be citing it frequently in this chapter. Especially if you’re pentesting as part of a red team, these may be the kinds of cyberattacks you’ll be simulating in your engagements.

Some cyberattack chains can be simple, and...

Attacks on the confidentiality, integrity, and availability of cloud data

So, we’ve looked at the difference between internal cyberattacks and external cyberattacks, and some of the different entry point attack vectors they can use. There’s another way for you to categorize the cyberattacks you’ll be simulating as a pentester.

We must look at the CIA (confidentiality, integrity, and availability) Triad of cybersecurity. It’s one of the most important concepts in our area of study.

All cyberattacks impact one, two, or all three components of the CIA Triad:

  • Confidentiality is all about making sure that your organization’s data is only readable to the entities that are allowed to access it. A data breach is an example of a type of cyberattack that impacts confidentiality.
  • Integrity is all about making sure that only authorized entities can alter or modify your organization’s data. If a cyber attacker replaces a legitimate component...

Understanding lateral movement in the cloud

Cyberattacks on cloud applications can be external or internal. They can impact the confidentiality, integrity, and availability of data. Here are some more cloud cyberattack concepts to understand.

Cyberattacks against complicated enterprise systems such as cloud networks are seldom simple. Attackers don’t just break in and leave. Many attacks strike one part of a complex system and then move on to other parts of it.

A cloud network can include multiple cloud platforms (AWS, Azure, and GCP) with several different services and applications on each platform. They can also contain multiple containerization systems through orchestration platforms such as Docker and Kubernetes, integrating numerous services and applications within each one. All of the components of cloud networks can communicate with each other through shared credentials such as cryptography keys and machine identities (such as TLS certificates...

Zero-trust networks

Back in the days before cloud services were commonly used, enterprises only had networks on their own premises. Back in the 1990s and early 2000s, the network security paradigm was all about perimeters.

Different network segments could have different levels of security, but the internal network and all of its segments were contained within a heavily guarded perimeter. Sometimes, external traffic would be allowed into the internal network, but it would first have to pass an authentication and authorization check. Once that perimeter was cleared, the user could travel within the internal network without having their credentials checked again. All users were either trusted or distrusted, and existing inside the perimeter meant automatic trust. Think of a country with a heavily guarded border, but little police presence inside the country.

The old perimeter model of network security has been obsolete for many years now. There are multiple reasons why.

...

Summary

The reason why we conduct pentesting is to learn about security vulnerabilities in computer systems by simulating cyberattacks.

There are possibly hundreds or thousands of potential cyberattack vectors in a cloud network, both internal and external. Users, user accounts, machine identities, and vulnerabilities in internet-facing applications are just some of the many possibilities.

You may not be able to simulate all of the possible types of exploits. For instance, cloud providers often prohibit simulating DDoS attacks, and you also won’t be allowed to physically visit the cloud provider’s data centers to plant test devices. But it’s important to understand all the different things an attacker could do and keep them in mind when you’re conducting your red team engagements.

Attacks can originate from inside or outside your organization. The CIA Triad of cybersecurity is a concept to explain how cyberattacks can impact your organization...

Further reading

To learn more about the topics covered in this chapter, you can visit the following links:
