Penetration Testing

Cloud penetration testing across AWS, Azure, and GCP.

Your cloud is a moving target: new services, new identities, new exposure every week. SubRosa's cloud penetration testing attacks your AWS, Azure, and Google Cloud environments the way a real adversary would, chaining misconfigurations and over-permissive access into real, provable impact.

AWS · Azure · GCP · Kubernetes · IAM · Serverless

Cloud penetration testing, defined

What is cloud penetration testing?

Cloud penetration testing is an authorized, hands-on attack against your cloud environment, its identities, configurations, network exposure, storage, and workloads, to find and safely exploit the weaknesses a real attacker would use. Unlike an on-prem pen test, it works within each provider's rules of engagement across AWS, Azure, and GCP, and focuses on the failure modes unique to cloud: over-permissive IAM roles, public storage, exposed metadata services, and privilege-escalation paths across accounts and services.

What we test

Every cloud, every layer.

Offensive testing across every major provider and the containers running on top of them.

AWS penetration testing

IAM roles and policies, S3 exposure, EC2 and Lambda, metadata-service abuse (SSRF to credentials), and cross-account privilege escalation, tested against AWS's rules of engagement.

Azure penetration testing

Entra ID (Azure AD), role assignments, storage accounts, key vaults, and managed identities, with the Azure-specific escalation paths attackers actually use.

Google Cloud and GCP

GCP IAM, service-account impersonation, Cloud Storage, and the token and metadata abuse that turns one weak permission into full project access.

Containers and Kubernetes

Kubernetes and container security: exposed dashboards and APIs, RBAC gaps, container-escape paths, and the registries and CI/CD that pivot into the cluster.

Why SubRosa

Attack paths, not config lists.

Multi-cloud offensive depth

Hands-on experience across AWS, Azure, and Google Cloud, so testing reflects how each provider actually fails rather than a generic checklist.

Rules-of-engagement fluent

We test within each provider's pen-test policy and rules of engagement, so your assessment is thorough and fully authorized.

Chained, provable impact

We chain a misconfiguration into a real attack path, an over-permissive role plus a public bucket becomes data exfiltration, and prove the impact instead of listing settings.

Every finding, tracked to closed.

From attack path to remediation.

Your cloud pen test findings land in Sable, prioritized, assigned, and tracked from open to retested, mapped to the account and service they affect, so remediation becomes a managed workflow instead of a stack of screenshots.

Cloud findings in Sable
Cloud findingsAWS · Azure · GCP
  • Critical
    Role chain to admin via PassRole
    AWS · IAM
    Open
  • High
    Public bucket exposes DB backups
    AWS · S3
    In progress
  • High
    Managed identity over-privileged
    Azure · Entra ID
    Retested
  • Medium
    Metadata SSRF leaks SA token
    GCP · SA
    Open
IAM · storage · metadata · K8sRules of engagement respected

See your cloud the way an attacker does.

Book a cloud penetration test and find the identity, storage, and configuration weaknesses across your AWS, Azure, and GCP before someone else does.