Cloud Red Team Harnesses
API-first offensive architecture, IAM privilege escalation path-finding, and evidence-backed findings mapped to SOC 2, ISO 27001, and PCI DSS.
The cloud is an API, not a network. A cloud red team harness is API-first and identity-first. Port scanning is irrelevant — the attack surface is IAM policies, roles, and trust relationships, not open ports.
IAM is the primary attack surface. A cloud breach is almost always an IAM abuse. Privilege escalation is graph traversal — the same technique as posture attack-path analysis, applied to the permission space.
Escalation paths must be demonstrated, not asserted. Every path is backed by an evidence chain showing the exact API calls, in order, that achieve it. Reproducible, verifiable, client-presentable.
Findings must speak the auditor's language. Technical findings mapped to SOC 2, ISO 27001, and PCI DSS controls. The auditor does not understand iam:PassRole — they understand which control is at risk.