Kloudle
academy

Understanding common Google Cloud misconfigurations using GCP Goat

Pragti Chauhan
#cloudvillage #cloudsecurity

Introduction

A majority of security incidents in the cloud result from misconfiguration of cloud services. A great way to learn about this is to understand the common misconfigurations that often lead to attacks and breaches.

In this video, Joshua Jebaraj explains how you can use GCP Goat to understand common misconfigurations on Google Cloud. Joshua is a security researcher who is deeply interested in cloud security, DevSecOps, and Kubernetes security. He is part of various open-source communities such as null, Ansible, and HashiCorp, and regularly presents at security events.

This video is part of the tech talks presented at Cloud Village. Cloud Village is an open space dedicated to people interested in cloud security; it conducts various activities such as talks, workshops, CTFs, and discussions around cloud.

What to expect from this video

The following topics are covered in this video:

  1. Introduction and getting started with GCP Goat
  2. Attacking Google Compute Engine
  3. Attacking SQL Instance
  4. Attacking Google Kubernetes Engine
  5. Attacking Google Cloud Storage
  6. Privilege Escalation

Video

https://www.youtube.com/watch?v=dcKER88tH50

Key Takeaways

With cloud adoption on the rise, attackers are also finding ways to exploit gaps and weaknesses in the way cloud infrastructure is configured. It is essential for the DevOps engineers and SREs who set up cloud infrastructure for their teams and organisations to understand how to configure it properly.

This video introduces you to GCP Goat, an intentionally vulnerable environment for learning about GCP security. It is an open source project created by Joshua Jebaraj, the presenter of the tech talk. GCP Goat lets you practice various scenarios that show how vulnerable GCP services can be attacked by adversaries, so you gain an understanding of the gaps that may be left when GCP services are not configured properly and securely.
