

<strong>Paper Title</strong><br>

Attack Simulation of Multi-Cloud Services<br>

<br>


<strong>Abstract</strong><br>

The main purpose of this paper is to understand the working model of Identity and Access Management (IAM), the different attacks associated with IAM, and the simulation of these attacks against IAM services of three major cloud providers. IAM is a critical service, and there are a lot of risks associated with this in the cloud environment. Hence it is widely exploitable by threat actors to compromise the cloud environment. To test the detection capabilities against the exploitation of the IAM service, the adversary simulates these attacks in a multi-cloud environment with the help of attack simulation scripts.

Since an organisation cannot simulate different IAM-based attacks on multi-cloud due to its default security and lack of resources, this paper aims to develop a set of simulated red-teaming scenarios. This allows red teamers to build a vulnerable environment for attack simulation to test security operations and detection capabilities against IAM-based attacks in a multi-cloud environment.

Implementation of different IAM-based attacks is done with the help of terraform scripts. These Terraform scripts contain the instruction of the code, which creates a vulnerable environment on the organization’s Amazon Web Service (AWS), Azure and Google Cloud Platform (GCP) accounts. After building the vulnerable environment with the help of terraform script, operator scan (a) simulate attacks against IAM services, (b) collect logs from three cloud providers, and (c) test the security operations and detection capabilities, against these IAM-based attacks.

Keywords - Attack Simulation, Multi-Cloud, Adversary, Threat Actors, AWS, Azure, GCP, Terraform.