Understanding common Google Cloud misconfigurations using GCP Goat

A hands-on introduction and walkthrough of GCP Goat - an intentionally vulnerable GCP environment to help understand common misconfigurations in Google Cloud and how attackers can take advantage of them.

Introduction

A majority of security incidents in the cloud result from misconfiguration of cloud services. A good way to learn about this is to understand the common misconfigurations that often lead to attacks and breaches.

In this video, Joshua Jebaraj will explain how you can use GCP Goat to understand common misconfigurations on Google Cloud. Joshua is a security researcher and is deeply interested in the areas of cloud security, DevSecOps, and Kubernetes security. He is part of various open-source communities like null, Ansible, and HashiCorp and regularly presents at various security events.

This video is part of the tech talks presented at Cloud Village. Cloud Village is an open space dedicated to people interested in cloud security and conducts various activities like talks, workshops, CTFs, and discussions around cloud.

What to expect from this video

The following topics are covered in this video:

  1. Introduction and getting started with GCP Goat
  2. Attacking Google Compute Engine
  3. Attacking SQL Instance
  4. Attacking Google Kubernetes Engine
  5. Attacking Google Cloud Storage
  6. Privilege Escalation

Key Takeaways

With cloud adoption on the rise, attackers are also finding ways to exploit gaps and weaknesses in the way cloud infrastructures are configured. It is essential for the DevOps engineers and SREs who set up the cloud infrastructure for their teams and organisations to understand how to properly configure their infrastructure.

This video introduces you to GCP Goat, which is an intentionally vulnerable environment for learning about GCP security. It is an open source project created by Joshua Jebaraj, the presenter of the tech talk. GCP Goat allows you to practice various scenarios in which you can learn how vulnerable GCP services can be attacked by adversaries, thus gaining an understanding of what gaps may be left when GCP services are not configured properly and securely.

***

This article is brought to you by Kloudle Academy, a free e-resource compilation, created and curated by Kloudle. Kloudle is a cloud security management platform that uses the power of automation and simplifies human requirements in cloud security. If you wish to give your feedback on this article, you can write to us here.