External network perimeter
Every public IP, port, service, certificate, and DNS record. Reconciled against your firewall rules and ACLs.
network & cloud · 11
Audit your network and cloud before the auditor does.
Internal and external network testing, Active Directory review, AWS / GCP / Azure configuration audit, network segmentation validation, hybrid-cloud trust analysis. We test the boundaries your compliance scope depends on.
01. in scope
What's in scope.
What's in an infra & network audit.
Internal network
East-west traffic, VLAN segmentation, jump host hygiene, legacy protocols still on the wire, plaintext credentials in transit.
Active Directory
Kerberoasting, ASREProast, ADCS misconfiguration, AdminSDHolder abuse, GPO trust, delegation chains, group nesting.
AWS / GCP / Azure
IAM blast-radius walks, public S3 / GCS / Blob, security-group hygiene, KMS misuse, metadata-service exposure, control-plane logging, cross-account / cross-project trust.
Segmentation validation
For PCI / HIPAA / SOC 2: verify the network boundary actually contains the scope you claimed. Many segmentations leak.
Hybrid trust
On-prem to cloud, cloud to cloud, VPN, Direct Connect, ExpressRoute, SD-WAN. Trust chains across boundaries are where lateral movement starts.
02. how we work
How we work on it.
How an infra audit runs.
- Scoping call60 minutes. We map the environment, the compliance scope, the existing tooling.
- Read-only access + collectionCloud read-only roles, AD read-only account, network diagrams, asset inventory.
- Active testingTwo to four weeks. External, internal, AD, cloud, segmentation. Coordinated with your team; no surprises.
- Report + readoutFindings catalog, attack chains, segmentation gaps, IAM blast-radius graphs, remediation roadmap.
- Retest30 days, one round, included.
03. deliverables
What you walk away with.
Infra audit deliverables.
Asset inventory + delta
What we found vs what your CMDB says. Shadow IT, forgotten environments, expired certs, orphan accounts.
Attack-path diagrams
Visual paths from external foothold to crown-jewel data, with intermediate techniques. Useful for engineering planning and board reporting.
IAM blast-radius report
Per-principal: what they can access, what they can escalate to, what they could do in a worst case. Cloud-native.
Segmentation report
Where your network actually segments and where it does not. Critical for compliance scope.
AD hardening roadmap
Specific GPO / ADCS / delegation changes, ranked by attack risk and ops impact.
Compliance evidence pack
Findings and remediation evidence formatted for SOC 2, ISO 27001, PCI auditors.
04. when
When teams hire us for this.
When an infra audit is the move.
You inherited the environment
New role, undocumented network, decade of accumulated AD policy. Get the lay of the land before someone exploits what you do not know about.
You completed a cloud migration
On-prem patterns do not translate cleanly to cloud IAM. Audit before the first incident shows you why.
PCI / HIPAA / SOC 2 scope review
Compliance scope depends on network and access boundaries. We verify the boundary holds.
You merged or acquired
Two networks, two identity providers, two cloud accounts. We map the combined attack surface and the trust boundaries.
05. faq
Questions before the call.
Infra audit FAQ.
Internal pentest vs infra audit?
Significant overlap. An infra audit is broader (configuration + design); a pentest goes deeper on exploitation. Often run together.
What cloud providers do you cover?
AWS, GCP, Azure. Oracle Cloud, IBM Cloud, Alibaba Cloud on request. Kubernetes (EKS, GKE, AKS, on-prem) covered.
What about Active Directory if we've already moved to Entra?
We cover both. Most environments are hybrid for years. Entra-only audits available.
Do you do segmentation validation only?
Yes, as a standalone for PCI. Faster engagement, focused report, segmentation-only evidence pack.
Read-only or write access?
Read-only by default. Write access only on request for IaC remediation pull requests.
Want to know what your network looks like to an attacker?
60-minute call covers the environment and the compliance context. We quote the audit that matches what you actually need.