IAM & identity
Excessive permissions, role assumption chains, cross-account trust, broken MFA, leaked access keys, OIDC trust mis-config, service-account abuse.
// cloud security audit
AWS, Azure and GCP audits aligned with CIS Benchmarks and the major cloud providers' published shared-responsibility model. IAM, storage exposure, container security and privilege-escalation paths — for Pakistani teams whose customers ask "where is our data?"
Configuration review plus active testing where rules of engagement allow — never just a scanner dump.
Excessive permissions, role assumption chains, cross-account trust, broken MFA, leaked access keys, OIDC trust mis-config, service-account abuse.
Public S3 / Blob / GCS buckets, signed-URL misuse, snapshot exposure, ACL drift, default-encryption misses, lifecycle policy gaps.
EC2 / VM IMDSv1 abuse, exposed Docker / Kubernetes APIs, container escape primitives, RBAC mis-config, exposed kubelet, privileged pods.
Security-group sprawl, exposed databases, public endpoints, secrets in environment variables / CI logs, broken WAF rules, VPC peering risks.
Prowler (AWS/Azure/GCP), ScoutSuite, CloudSploit, Steampipe / PowerPipe, native CLIs, custom Pacu modules.
Pacu (AWS), MicroBurst (Azure), GCPBucketBrute, Trufflehog for secrets, exploit chains validated with read-only IAM where possible.
Risk posture and remediation timeline for management and Western customers.
Per-control mapping showing where you pass and where you don't, for audit response.
Per-finding write-ups with CVSS, reproduction commands, and prescriptive remediation IaC snippets.
Re-test every confirmed finding after your team fixes it. Sign-off letter for SOC 2 / ISO 27001.
A free 30-minute scoping call. We'll talk through your provider, account topology, and what your customers' security teams ask for.