Google Cloud Red Team Specialist [CGRTS]

[User_37997]

oogle Cloud & Red Team Fundamentals
Google Cloud Platform​

• Hierarchy​
• Service Account​
• Identity & Access Management​

Google Workspace​

• Management​
• Productive Apps​

Google Cloud Authentication​

• GUI, CLI & API​

Red Team Methodology​

• Motive / Objective in Red Team Ops in Google Cloud​
• Cyber Kill Chain​
• Assume Breach Scenario​
• MITRE ATT&CK Matrix for Cloud​

Blue Team Operations in Google Cloud Environment:
Security Controls​

• Organizational Policy​

Logging & Monitoring
Security Command Center
Red Team Operations in Google Cloud Environment
Open Source Information Gathering (OSINT)​

• Passive [DNS based]​
• Active​

Gaining Initial Access​

• Stolen Credential [SVN, Dev System Compromise]​
• Exploiting Application [App running on VM, Server-less, Kubernetes]​

Internal Recon​

• Google Cloud Services​

Privilege Escalation​

• Local [VM] Based [Windows, Linux]​
• Cloud Based [IAM Mis-configuration, Service Account etc.]​

Maintaining Access​

• Local [VM] Based [Users, OsLogin, SSH Key etc.]​
• Cloud Based [Service Account, Cloud Function etc.]​

Hunting for Credentials​

• Secret [Secret Manger etc.]​
• Sensitive Data [Buckets, Databases etc.]​

Lateral Movement​

• Pivot the Networks Boundary [VPC]​
• Expand Access Control Plane to Data Plane [VMs]​
• GCP to Workspace Access [Domain Wide Delegation]​

Achieving the Objectives​

• Data Exfiltration / Destruction / Encryption​

To view the content, you need to Sign In or Register.