So You Think You Can Secure Your Cloud - Red Team Engagements in GCP
Offered By: Security BSides San Francisco via YouTube
Course Description
Overview
Dive into a comprehensive 51-minute conference talk from BSidesSF 2022 exploring red team engagements in Google Cloud Platform (GCP). Learn advanced techniques for adversary simulations, including initial access, persistence methods, privilege escalation, and leveraging Google's products for command and control. Discover strategies for manipulating firewall rules, compute instances, and abusing Key Management Service and Google Cloud Storage for data decryption and exfiltration. Gain valuable insights into cloud security from experts Brad Richardson and Madhav Bhatt as they guide you through the intricacies of securing GCP environments against sophisticated attacks.
Syllabus
Intro
DISCLAIMER!!
GCP 101
Persistence via SSH Key
Persistence via Service Account
Persistence via Start-up Script
SSH via Browser
Continued: Persistence on Project
Persistence on Organization
Enter gepHound
Privilege Escalation and Persistence
Continued: Command & Control
Continued: Lateral Movement
Data Exfiltration
Data Decryption
Closing Remarks
Questions ..!!??
Taught by
Security BSides San Francisco
Related Courses
Advanced Ethical HackingCity College of San Francisco via California Community Colleges System Ethical Hacking & Network Defe
City College of San Francisco via California Community Colleges System Pentesting Fundamentals for Beginners
Packt via Coursera The Complete Pentesting and Privilege Escalation Course
Packt via Coursera CVE Series: HiveNightmare (CVE-2021-36934)
Cybrary