Overview
An extensive Attack Path Mapping (APM) exercise that we performed against a client’s infrastructure revealed vulnerabilities in its Active Directory Federation Services (ADFS). These weaknesses could lead to the compromise of AWS resources, amongst others.
Recognizing the significant risk that such vulnerabilities could pose to the security posture of the client’s applications and services hosted in AWS, the client requested that we perform a more focused assessment that centered around mapping privileged access across AWS accounts. This would allow the client to understand its current security posture and implement monitoring and preventative measures to improve it.
Company: Manufacturing company
Country: Finland
Industry: Manufacturing
Our solution
The objective of the assessment was to review the IAM configurations and determine how privileged access could be obtained in critical and interconnected AWS accounts. The client wished to understand how the AWS estate could be breached through IAM access, how privileges could be escalated, and in what ways an attacker could move laterally across the AWS accounts.
As the client’s ADFS-related vulnerabilities and their mitigations had been covered during the preceding APM assessment, the Active Directory and on-premises environments were considered out of scope for this assessment. Instead, the assessment was conducted by reviewing AWS IAM policies and access, both within individual accounts and across accounts. The assessment began with a series of workshop-style reviews in which our consultants interviewed the relevant teams to develop an understanding of the AWS accounts. Automatic data collection was then performed across the accounts to gather information on IAM and other relevant configurations. We then assessed the results manually and, where applicable, attempted privilege escalation and pivoting (moving between accounts or services) manually.
We worked closely with the client throughout the engagement to ensure that all findings were fully understood.
Outcome
Our findings allowed the client to understand the current security posture of its IAM configurations, mapping out cross-account access across the estate and highlighting cases where administrative or equivalent permissions had been granted to entities unintentionally. In addition, our review identified a number of structural and architectural issues with the client’s AWS estate that represented the root cause of a number of the common problems encountered in individual AWS accounts.
We provided the client with a clear set of prioritized recommendations, both tactical (individual permission sets to fix and similar) and long-term strategic (such as rearchitecting the OUs within the organization to better enforce secure defaults in production), to help the client significantly uplift the security posture of its cloud environment.
Used services
Resilience Development
Build your immune system and withstand a cyber incident; assess risk by testing your controls against likely threats, and improve the skills of your security operations team.