Client Overview
Our client, an Australia-based company, specializes in AI-powered workplace safety solutions. By leveraging advanced CCTV monitoring, real-time analytics, and automated alerts, they help businesses proactively identify and mitigate safety risks before incidents occur.
Client Objective
The client engaged us to conduct a comprehensive security assessment of their Azure infrastructure, including Virtual Machines (VMs), PostgreSQL databases, Blob Storage, and other cloud services. Their goal was to identify and remediate security vulnerabilities, strengthen access controls, and ensure compliance with best security practices before scaling their operations.
Challenges
The client needed a detailed security assessment of their Azure infrastructure to identify vulnerabilities that could impact data confidentiality, system integrity, and service availability. However, an initial challenge arose when they provided us with Global Reader access, which restricted our ability to assess certain resources. After discussing this with them, we were granted Reader access, enabling us to begin testing effectively.
Technical Scope
The assessment covered the following Azure services:
- Virtual Machines (VMs): Analysed misconfigurations, privilege escalation risks, and security controls.
- PostgreSQL Database: Evaluated authentication mechanisms, encryption, and Microsoft Defender enablement.
- Azure Blob Storage: Identified public exposure risks, access misconfigurations, and data leakage threats.
- Other Azure Services: Reviewed identity & access management (IAM), network security settings, and overall cloud security posture.
Tools Used
- AADInternals – Analyses Azure AD security, extracts tokens, and evaluates privilege escalation risks.
- MicroBurst – Automates Azure security assessments by checking misconfigurations and privilege issues.
- BlobHunter – Identifies publicly exposed Azure Storage Blob containers.
- Nmap – Network scanning and enumeration.
- Az PowerShell – Manages and audits Azure resources from the command line.
- Prowler – An open-source security tool that audits Azure environments using the CIS benchmark framework.
Key Findings & Security Gaps
- Virtual Machine Misconfigurations – Weak security settings on Azure VMs increased the risk of remote access attacks.
- Database Security Weaknesses – PostgreSQL lacked proper monitoring and Defender integration.
- Exposed Blob Storage – Certain containers were accessible without authentication, leading to potential data leakage.
- API Security Gaps – Missing security headers and weak authentication mechanisms increased exposure risks.
- IAM & Access Control Issues – Overly permissive roles posed privilege escalation threats.
Deliverables
- Comprehensive Security Report: Detailed vulnerabilities, proof of concept (PoC), and recommended remediations.
- Azure Defender Configuration Recommendations: Suggested best practices for enabling Defender across all critical services.
Benefits
- Enhanced Cloud Security Posture – Strengthened Microsoft Azure configurations against threats.
- Strengthened Cloud Security – Reduced risks by securing VMs, databases, and storage.
- Improved API & Data Protection – Enhanced authentication and access controls.
- Better Compliance & Governance – Aligned with industry security standards.
- Proactive Threat Mitigation – Addressed security gaps before they could be exploited.
Conclusion
By conducting a thorough penetration test on their Azure infrastructure, we helped the client identify and remediate security weaknesses across their VMs, databases, and storage services. With improved security controls in place, they can now operate with confidence, ensuring the protection of sensitive data and maintaining a secure cloud environment.