I perform assumed-breach penetration tests starting from a realistic compromised credential — a stolen API key, leaked .env file, or exposed instance profile — and explore every privilege escalation path, lateral movement opportunity, and data exfiltration route available in your cloud environment.
Cloud privilege escalation is non-obvious. A set of permissions that individually look harmless can chain together to achieve full administrative access. I map these paths systematically: IAM privilege escalation (PassRole, sts:AssumeRole chains, Lambda function abuse, EC2 instance profile escalation, service-linked role abuse); data exfiltration paths (S3 bucket access, Secrets Manager, SSM Parameter Store); lateral movement (cross-account role assumptions, VPC peering traversal); and persistence mechanisms (backdoor IAM users, modified SCPs, malicious Lambda functions).
Deliverables: full assumed-breach report with attack path diagrams showing the exact privilege escalation chain used, step-by-step exploitation narrative, business impact statement, and remediation guidance. Exfiltration is simulated only: I document what could be accessed and do not download your actual data.
Requires written authorization, cloud account access, target account IDs, and a defined starting credential.