<aside> ⚠️

CLICK DUPLICATE BUTTON TO START USING THE TEMPLATE

</aside>

<aside> 🎯

Objective: Identify and exploit cloud security gaps resulting from misconfigurations to reveal your organization's true cloud security posture and provide actionable remediation steps.

</aside>

Pre-Exercise Planning

Cloud Platform Selection Matrix

Select appropriate cloud platforms based on your organization's footprint:

Cloud Platform Complexity Common Vulnerabilities Key Testing Areas
AWS High S3 buckets, IAM, EC2 Storage, identity, compute
Azure High Blob storage, AD integration, VM Identity, storage, network
Google Cloud Medium-High GCS, IAM, GKE Storage, identity, containers
Multi-cloud Very High Identity federation, inconsistent policies Cross-cloud access, policy gaps
Private cloud Medium API security, automation gaps Infrastructure access, management
Hybrid cloud High On-prem to cloud bridges Connectivity, policy synchronization

Scope Definition Framework

Testing Scope Selection

Scope Option Risk Level Value When to Select
Production (Read-Only) Medium Very High Mature cloud environments with good guardrails
Production (Limited Write) High High Carefully controlled, specific test cases
Staging/Pre-Production Medium Medium-High Good balance of realism vs. risk
Development Low Medium Initial assessments, new methodologies
Sandbox/Test Very Low Low Training, proof of concept

Service Coverage Matrix

Service Category Critical to Test Common Issues Test Priority
Storage (S3, Blob, GCS) Yes Public access, weak ACLs Very High
Identity (IAM, Azure AD) Yes Excessive permissions, trust relationships Very High
Compute (EC2, VMs, GCE) Yes Weak security groups, misconfigurations High
Containers (EKS, AKS, GKE) Yes RBAC issues, network policies High
Serverless (Lambda, Functions) Yes Overprivileged execution roles High
Databases (RDS, Cosmos, Cloud SQL) Yes Public access, weak auth High
Network (VPC, VNET) Yes Overly permissive rules Medium
Auxiliary Services Varies Service-specific issues Medium

Timeline and Milestones

Execution Framework