Google Cloud & Red Team Fundamentals
Google Cloud Platform
Hierarchy
Service Account
Identity & Access Management
Google Workspace
Management
Productive Apps
Google Cloud Authentication
GUI, CLI & API
Red Team Methodology
Motive / Objective in Red Team Ops in Google Cloud
Cyber Kill Chain
Assume Breach Scenario
MITRE ATT&CK Matrix for Cloud
Blue Team Operations in Google Cloud Environment
Security Controls
Organizational Policy
Logging & Monitoring
Security Command Center
Red Team Operations in Google Cloud Environment
Open Source Information Gathering (OSINT)
Passive [DNS based]
Active
Gaining Initial Access
Stolen Credential [SVN, Dev System Compromise]
Exploiting Application [App running on VM, Server-less, Kubernetes]
Internal Recon
Google Cloud Services
Privilege Escalation
Local [VM] Based [Windows, Linux]
Cloud Based [IAM Mis-configuration, Service Account etc.]
Maintaining Access
Local [VM] Based [Users, OsLogin, SSH Key etc.]
Cloud Based [Service Account, Cloud Function etc.]
Hunting for Credentials
Secret [Secret Manager etc.]
Sensitive Data [Buckets, Databases etc.]
Lateral Movement
Pivot the Networks Boundary [VPC]
Expand Access Control Plane to Data Plane [VMs]
GCP to Workspace Access [Domain Wide Delegation]
Achieving the Objectives
Data Exfiltration / Destruction / Encryption