Cyber Security Consultancy
If you have any testing-related requirements, don't hesitate to get in touch for a no-obligation chat.
Initially, we will work with you to determine which types of testing are best suited to your business, taking into account:
budget
time scales
threat actors / threat modeling
technologies
risk appetite
This allows us to tailor a test plan and approach that gives you the most value for money and addresses real-world security concerns, and ultimately to deliver a report with pragmatic, action-based remediation and mitigation guidance for any issues that arise.
AWS Configuration Review
A comprehensive white-box security review of your AWS account configuration, combining automated scanning with detailed manual analysis. This assessment focuses on identifying vulnerabilities in the AWS control plane that could allow attackers to access data or systems, disrupt services or elevate privileges.
What’s Included:
Evaluation against the latest industry standards, including:
CIS AWS Foundations Benchmark
CIS AWS Compute Services Benchmark
CIS AWS Storage Services Benchmark
CIS AWS Database Services Benchmark
CIS AWS End User Compute Services Benchmark
AWS Foundational Security Best Practices
Unique Snotra-specific automated checks.
In-depth manual analysis of:
IAM Policies
Resource Based Policies
Cross-Account Trust Policies
User Accounts
Network Access Control Lists
Security Groups
This manual analysis is aimed at identifying potential authorisation bypass and privilege escalation vulnerabilities, as well as unintended data exposure.
📄 View a sample report (coming soon)
Access Requirements:
To perform the review, you’ll need to provide either:
IAM User credentials (including Access Keys), or
a username, password and AWS SSO URL, or
a Cross-account Role ARN
Cross-account role trust policies should be configured to allow the following principal to assume the role:
"arn:aws:iam::243001516183:user/shaun"
The principal must have read-only access to all resources. This can be granted by attaching the following AWS managed policies:
ReadOnlyAccess
SecurityAudit
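As an added example for the cross-account access requirements above (not the page's or Snotra's own tooling): a small Python script that builds a trust policy permitting only the stated principal, audits an existing trust policy document for anything wider than that single user (wildcards, whole-account trust, extra principals), and lists which of the two required managed policies are still missing. The managed-policy ARNs are assumed from the policy names given above.

```python
import json

# Principal the page says must be allowed to assume the review role.
REVIEWER_PRINCIPAL = "arn:aws:iam::243001516183:user/shaun"
# ARNs assumed for the two AWS managed policies named on the page.
REQUIRED_POLICIES = {
    "arn:aws:iam::aws:policy/ReadOnlyAccess",
    "arn:aws:iam::aws:policy/SecurityAudit",
}


def build_trust_policy(principal=REVIEWER_PRINCIPAL):
    """Trust policy that lets exactly one IAM principal assume the review role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Principal": {"AWS": principal},
                       "Action": "sts:AssumeRole"}],
    }


def trust_policy_findings(policy, expected=REVIEWER_PRINCIPAL):
    """Audit a trust policy (dict or JSON string); return problems as a list of strings."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    findings, trusted = [], set()
    for stmt in statements:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        # Only Allow statements that grant sts:AssumeRole matter here.
        if stmt.get("Effect") != "Allow" or not {"sts:AssumeRole", "sts:*", "*"} & set(actions):
            continue
        principal = stmt.get("Principal", {})
        aws = "*" if principal == "*" else principal.get("AWS", [])
        for p in [aws] if isinstance(aws, str) else aws:
            if p == "*":
                findings.append("statement lets any AWS principal assume the role")
            elif p.isdigit() or p.endswith(":root"):
                # A bare account id or :root ARN trusts every principal in that account.
                findings.append(f"statement trusts every principal in account {p}")
            else:
                trusted.add(p)
    if expected not in trusted:
        findings.append(f"expected principal {expected} is not trusted")
    if trusted - {expected}:
        findings.append("unexpected principals trusted: " + ", ".join(sorted(trusted - {expected})))
    return findings


def missing_policies(attached_policy_arns):
    """Return the required managed policy ARNs not yet attached to the role."""
    return sorted(REQUIRED_POLICIES - set(attached_policy_arns))
```

Feed trust_policy_findings the output of get-role's AssumeRolePolicyDocument and missing_policies the ARNs from list-attached-role-policies to confirm the role is scoped exactly as required before handing it over.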
Timings
Configuration reviews typically take 2 or 3 days to complete.
Reviews of larger AWS organisations with multiple accounts can take longer.
Azure Configuration Review
A comprehensive white-box security review of your Azure tenancy and subscriptions, combining automated scanning with detailed manual analysis. This assessment focuses on identifying vulnerabilities in the control plane that could allow attackers to access data or systems, disrupt services or elevate privileges. It includes Entra ID and all resources within a Management Group, Subscription(s) or Resource Group(s).
What’s Included:
Evaluation against the latest industry standards, including:
CIS Azure Foundations Benchmark
CIS Azure Compute Services Benchmark
CIS Azure Storage Services Benchmark
CIS Azure Database Services Benchmark
CIS Azure Kubernetes Service Benchmark
Unique Snotra-specific automated checks.
In-depth manual analysis of:
Entra ID
Enterprise Applications (Service Principals) / App Registrations
Azure RBAC
Secret exposure
Network Access Controls
This manual analysis is aimed at identifying potential attack paths, including privilege escalation vulnerabilities and data exposure.
📄 View a sample report (coming soon)
Access Requirements:
To perform the review, you’ll need to provide an Entra ID user account with both:
Global Reader Entra ID Role
Reader Azure RBAC Role
Additionally, the Entra ID user should be excluded from any Conditional Access policies that would block us from accessing the account remotely or from using administrative tooling.
Timings
Configuration reviews typically take 2 or 3 days to complete.
Reviews of larger Management Groups with multiple subscriptions can take longer.
M365 Configuration Review
A comprehensive white-box security review of your M365 tenancy, combining automated scanning with detailed manual analysis. This assessment focuses on identifying vulnerabilities in the control plane that could allow attackers to access data or systems, disrupt services or elevate privileges. It includes Entra ID and all M365 services, including Teams, SharePoint, Exchange and Endpoint (Intune).
What’s Included:
Evaluation against the latest industry standards, including:
CIS Microsoft 365 Foundations Benchmark
Unique Snotra-specific automated checks.
In-depth manual analysis of:
Entra ID
Enterprise Applications (Service Principals) / App Registrations
Secret exposure
Sharing and cross-tenant access
This manual analysis is aimed at identifying potential attack paths, including privilege escalation vulnerabilities and data exposure.
Endpoint (AKA Intune) configuration review, including:
Android Devices
Apple Devices
BYOD and corporate-owned device configuration
📄 View a sample report (coming soon)
Access Requirements:
To perform the review, you’ll need to provide an Entra ID user account with both:
Global Reader Entra ID Role
SharePoint Administrator Role
Additionally, the Entra ID user should be excluded from any Conditional Access policies that would block us from accessing the account remotely or from using administrative tooling.
Timings
Configuration reviews typically take 2 or 3 days to complete.
Free Cloud Scan
Perform a free automated scan of your cloud infrastructure to identify low-hanging fruit and common misconfigurations.
Reports are generated automatically with no manual intervention and may contain false positives. For a more in-depth assessment, we recommend a full cloud configuration review, which includes expert manual analysis of the account to uncover more complex and nuanced findings, and frames any discovered security issues within the context of the account and their real-world impact.
Bitcoin Consultancy ₿
Want help getting started with Bitcoin? Book a session and we will get you set up with a wallet, send you some bitcoin and take you through making your first transaction.
Or maybe you would like to discuss any of the following:
Running a node
Home Mining
Bitcoin Layer 2s
Using Liquid
Using Lightning
Bitcoin Privacy
Bitcoin Security
Running a BTCPay Server
Once you have bought a session I will be in touch to arrange a suitable time.
Meetings will be conducted over Signal.
Sessions are charged by the hour.