Cloud penetration testing across AWS, Azure, and GCP.
Your cloud is a moving target: new services, new identities, new exposure every week. SubRosa's cloud penetration testing attacks your AWS, Azure, and Google Cloud environments the way a real adversary would, chaining misconfigurations and over-permissive access into real, provable impact.
AWS · Azure · GCP · Kubernetes · IAM · Serverless
What is cloud penetration testing?
Cloud penetration testing is an authorized, hands-on attack against your cloud environment, its identities, configurations, network exposure, storage, and workloads, to find and safely exploit the weaknesses a real attacker would use. Unlike an on-prem pen test, it works within each provider's rules of engagement across AWS, Azure, and GCP, and focuses on the failure modes unique to cloud: over-permissive IAM roles, public storage, exposed metadata services, and privilege-escalation paths across accounts and services.
Every cloud, every layer.
Offensive testing across every major provider and the containers running on top of them.
AWS penetration testing
IAM roles and policies, S3 exposure, EC2 and Lambda, metadata-service abuse (SSRF to credentials), and cross-account privilege escalation, tested against AWS's rules of engagement.
Azure penetration testing
Entra ID (Azure AD), role assignments, storage accounts, key vaults, and managed identities, with the Azure-specific escalation paths attackers actually use.
Google Cloud and GCP
GCP IAM, service-account impersonation, Cloud Storage, and the token and metadata abuse that turns one weak permission into full project access.
Containers and Kubernetes
Kubernetes and container security: exposed dashboards and APIs, RBAC gaps, container-escape paths, and the registries and CI/CD that pivot into the cluster.
Attack paths, not config lists.
Multi-cloud offensive depth
Hands-on experience across AWS, Azure, and Google Cloud, so testing reflects how each provider actually fails rather than a generic checklist.
Rules-of-engagement fluent
We test within each provider's pen-test policy and rules of engagement, so your assessment is thorough and fully authorized.
Chained, provable impact
We chain a misconfiguration into a real attack path, an over-permissive role plus a public bucket becomes data exfiltration, and prove the impact instead of listing settings.
From attack path to remediation.
Your cloud pen test findings land in Sable, prioritized, assigned, and tracked from open to retested, mapped to the account and service they affect, so remediation becomes a managed workflow instead of a stack of screenshots.
- CriticalOpenRole chain to admin via PassRoleAWS · IAM
- HighIn progressPublic bucket exposes DB backupsAWS · S3
- HighRetestedManaged identity over-privilegedAzure · Entra ID
- MediumOpenMetadata SSRF leaks SA tokenGCP · SA
See your cloud the way an attacker does.
Book a cloud penetration test and find the identity, storage, and configuration weaknesses across your AWS, Azure, and GCP before someone else does.