protectaccount
Hero Member
- Joined
- December 27, 2025
- Messages
- 735
- Reaction score
- 1,076
- Points
- 93
- Thread Author
- #1
• Practically understand Google Cloud Red Team Fundamentals
• Simulate Cyber Kill Chain in Google Cloud Environment
• Target & Abuse Google Enterprise Applications
• Perform Blue Team Operations in Google Cloud Environment
Google Cloud & Red Team Fundamentals
Google Cloud Platform
Hierarchy
Service Account
Identity & Access Management
Google Workspace
Management
Productive Apps
Google Cloud Authentication
GUI, CLI & API
Red Team Methodology
Motive / Objective in Red Team Ops in Google Cloud
Cyber Kill Chain
Assume Breach Scenario
MITRE ATT&CK Matrix for Cloud
Red Team Operations in Google Cloud Environment
Open Source Information Gathering (OSINT)
Passive [DNS based]
Active
Gaining Initial Access
Stolen Credential [SVN, Dev System Compromise]
Exploiting Application [App running on VM, Server-less, Kubernetes]
Internal Recon
Google Cloud Services
Privilege Escalation
Local [VM] Based [Windows, Linux]
Cloud Based [IAM Mis-configuration, Service Account etc.]
Maintaining Access
Local [VM] Based [Users, OsLogin, SSH Key etc.]
Cloud Based [Service Account, Cloud Function etc.]
Hunting for Credentials
Secret [Secret Manger etc.]
Sensitive Data [Buckets, Databases etc.]
Lateral Movement
Pivot the Networks Boundary [VPC]
Expand Access Control Plane to Data Plane [VMs]
GCP to Workspace Access [Domain Wide Delegation]
Achieving the Objectives
Data Exfiltration / Destruction / Encryption
