+ Menu

‹ News

Press Release

Hear a Penetration Tester’s Guide to the Azure Cloud during The Eleventh HOPE

News

By MWR, 22 July 2016

Session includes the demonstration of MWR InfoSecurity’s new tool Azurite.

Apostolis Mastoris, Security Consultant of MWR InfoSecurity is speaking at this year’s HOPE, taking place at the Hotel Pennsylvania in New York City this Friday and during the weekend. The session includes a demonstration, for the first time publicly of MWR InfoSecurity’s new tool Azurite, created for penetration testers and auditors to use during enumeration and reconnaissance activities within an Azure environment.

Speaking about the challenge organizations face, Apostolis explains, “The wide adoption and the benefits of Cloud computing has led many users and enterprises to move their applications and infrastructure towards the Cloud. However, the nature of the Cloud introduces new security challenges, therefore organizations are required to ensure that such hosted deployments do not expose them to additional risk. Auditing Cloud services has become an essential task and in order to carry out such assessments, familiarization with certain components of the target environments is required.  This has been the main drive behind this talk - exploring the capability offered by Azure Cloud services to perform security assessments and trying to identify the main elements that an assessor needs to focus during an engagement.”

Apostolis’ session, titled ‘A Penetration Tester’s Guide to the Azure Cloud’ is at 8pm (EDT) on Friday 22nd July 2016. It will provide an insight into the Microsoft Azure Cloud service and present practical advice on performing security assessments on Azure-hosted deployments. More specifically, the main security controls and configurations associated with each of the mainstream Azure components will be explored and any key points that need to be reviewed will be highlighted. Areas that will be covered include role-based security, secure networking features, perimeter security, encryption capability, auditing and monitoring of activities within the Azure Cloud environment.

MWR’s new tool, Azurite, includes two helper scripts - the Azurite Explorer and the Azurite Visualizer. The scripts are used to passively collect verbose information about the main components within a deployment in order to be reviewed offline and visualize the associations between the deployment’s resources using an interactive representation.

 

 

 

Accreditations & Certificates
MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 9001 and 14001 in the UK, internationally accepted standards that outline how to put an effective quality and environmental management systems in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by NCSC for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.