Cloud Penetration Testing — AWS, Azure, and GCP
Most breaches in cloud environments aren't zero-days — they're misconfigurations, over-permissioned identities, and exposed services. StandardPentest delivers cloud-native penetration testing across AWS, Azure, and Google Cloud, mapping real attack paths from initial access through privilege escalation to data exfiltration. Audit-ready findings in 24 hours, mapped to MITRE ATT&CK for Cloud and CIS benchmarks.
What We Test
- Identity and access: IAM policy misconfigurations, over-permissive roles, unused credentials, privilege escalation paths, and trust relationship abuse
- Network exposure: publicly reachable services, security group and NSG misconfigurations, peering and transit gateway risks, and exposed management planes
- Storage and data: public buckets, unencrypted volumes, signed URL abuse, and cross-account access misconfigurations
- Compute and serverless: SSRF to instance metadata, container escape, Lambda/Functions permission abuse, and runtime risks
- Kubernetes (EKS, AKS, GKE): RBAC weaknesses, pod security, secrets handling, and namespace isolation
- Logging and detection gaps: missing CloudTrail/Activity Log coverage, alerting blind spots, and detection bypasses we identified during testing
- Supply chain: third-party integrations, marketplace artifacts, and SaaS-to-cloud trust relationships
Our Methodology
We start with a read-only role for configuration discovery (or work from your CSPM/security graph if you have one) and then move to active testing under a strictly scoped engagement window. The workflow runs in four phases: configuration analysis against CIS and provider-specific benchmarks, identity attack-path enumeration using purpose-built tooling, exploitation of confirmed paths to demonstrate impact, and reporting that maps every finding to MITRE ATT&CK for Cloud. Internal-only environments can be tested via a lightweight runner deployed in your account.
What You Get
- An executive summary of the highest-impact attack paths we found
- Per-finding technical detail with reproduction commands using AWS CLI, Azure CLI, or gcloud
- Visual attack-path diagrams showing how a finding chains to broader compromise
- Mapping to CIS Foundations Benchmarks, MITRE ATT&CK for Cloud, and your applicable compliance framework (SOC 2, HIPAA, PCI, ISO 27001)
- An attestation letter signed by our team for auditor and customer use
- A free retest of remediated findings within 90 days
Frequently Asked Questions
Which cloud providers do you support?
AWS, Azure, and Google Cloud are first-class. We also support Oracle Cloud and DigitalOcean as scoped engagements. Multi-cloud environments are tested as a single engagement, with attack-path analysis that spans providers.
What permissions do you need to test our cloud account?
For configuration review we use a read-only role (SecurityAudit on AWS, Reader + Security Reader on Azure, equivalent on GCP). For active testing we use a scoped role you create just for the engagement, with permissions documented in the rules of engagement and revoked at the end.
Will testing trigger our security alerts?
Yes — and that is intentional. We coordinate test windows with your detection team so alerts can be validated. If alerts do not fire on activities that should trigger them, we report that as a finding.
Can you test our Kubernetes clusters?
Yes. EKS, AKS, GKE, and self-managed clusters are all supported, including RBAC review, pod security, network policy, and runtime testing using purpose-built tooling. We also test the cloud IAM that maps to your service accounts.
Tell us your provider and rough environment size and we'll scope your test the same day.