CLOUD PENTESTING | PENTEST REGULAR 01/2014 TEASER

Dear PenTest Readers,

We are happy to present to you the long awaited Cloud Pentesting issue. Welcome to the first PenTest Regular in 2014! As mentioned before, the focal point of this issue will be penetration testing in the cloud. Many aspects of this topic have been discussed in this publication, so we are sure you will find it interesting. Cloud computing is probably the most frequent topic on various InfoSec events. Since the concept is fairly new, it still provokes many questions and disputes. One of the most influential personas in the cloud world is Ian Moyse. He kindly agreed to prepare an article about the risks which the cloud can provide for its users. Moreover, Ralph S. LaBarge has given us the permission to publish an article based on his college paper about detecting cloud vulnerabilities. Also, Bruno Rodrigues was kind enough to describe his experience with moving his pentesting tools to the cloud and conducting the test from there. It is just a glimpse on what you will find in this issue. Refer to the table of contents for more information and enjoy the cloudy PenTest magazine!

TABLE OF CONTENTS Introduction to Cloud by Muhammad Saleem Pentest Amazon Cloud Instances Like a Pro by Anthony Siravo

Cloud Services Penetration Testing by Chad Olivier

The Risk Profile of IaaS Cloud Proliferation by Dwight Koop

Vulnerabilities Detection in the Cloud by Ralph S. LaBarge

Cloudy Data Protection and Sovereignty  by Ian Moyse

Moving the Pentest Tools to the Cloud by Bruno Rodrigues

The Basics of Physical Penetration Testing by Daniel Chew

Testing Physical Access Control: RFID by Adam Kliarsky

BrowserExploitServer Mixin: The New Browser Exploitation Module in Metasploit’s Arsenal by Hardik Suri