Google Cloud Hacking Red Team Perspective!
Cloud Security Podcast2 Elo 2023

Google Cloud Hacking Red Team Perspective!

Google cloud hacking or pentesting is very different to other popular cloud service providers like aws or azure. In this episode we had Shannon McHale (Mandiant now Google Cloud) to talk about how she approaches pentesting a google cloud environment and how you can too.


Episode YouTube: ⁠ Video Link⁠⁠⁠


Host Twitter: Ashish Rajan (⁠⁠⁠⁠⁠⁠⁠@hashishrajan⁠⁠⁠⁠⁠⁠⁠)

Guest Socials: Shannon McHale's Linkedin ⁠⁠⁠⁠(⁠Shannon's Linkedin⁠)

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠


Spotify TimeStamp for Interview Questions

A word from our sponsors - you can visit them on ⁠⁠⁠⁠⁠⁠⁠snyk.io/csp⁠⁠⁠⁠⁠⁠⁠


(00:00) Introduction

(03:38) A bit about Shannon McHale

(05:31) What is Red Teaming?

(06:42) Red Teaming in the Cloud

(07:50) Methodology behind Red Teaming

(09:32) Pentesting in Goole Cloud

(10:28) Low hanging fruits in Google Cloud

(14:36) GCP storage

(16:09) Red Team Assessment in Google Cloud

(17:08) The importance of Metadata

(18:17) Recommendations for Blue Teamers

(22:03) How to get started in Red Teaming?

(26:06) Tools or Research that stood out for Shannon

(27:42) GCP Resources that can be exposed

(29:15) Resources to learn about Cloud Red Teaming

(30:37) The Fun Questions


These are some of the resources Shannon found helpful to learn about Pentesting in Cloud along with her own GitHub link

See you at the next episode!

Jaksot(344)

Confidential Computing in Azure Explained

Confidential Computing in Azure Explained

In this episode of the Virtual Coffee with Ashish edition, we spoke with Steve Orrin (Steve's Linkedin) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv H...

28 Touko 202243min

Azure Cloud Security Architecture

Azure Cloud Security Architecture

In this episode of the Virtual Coffee with Ashish edition, we spoke with Sai Gunaranjan (Sai's Linkedin) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv ...

25 Touko 202240min

Azure Security Fundamentals Level 1

Azure Security Fundamentals Level 1

In this episode of the Virtual Coffee with Ashish edition, we spoke with Andrew Brown, ExamPro Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitt...

19 Touko 202237min

Finding Security Holes in Azure Services

Finding Security Holes in Azure Services

In this episode of the Virtual Coffee with Ashish edition, we spoke with Yoav Alon, CTO, Orca Security Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Ho...

15 Touko 202234min

Azure Kubernetes Service (AKS) Security Explained

Azure Kubernetes Service (AKS) Security Explained

In this episode of the Virtual Coffee with Ashish edition, we spoke with Jimmy Mesta, Co-Founder, KSOC Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Ho...

8 Touko 202247min

Azure Security Fundamentals - Zero Trust with Azure AD

Azure Security Fundamentals - Zero Trust with Azure AD

In this episode of the Virtual Coffee with Ashish edition, we spoke with Paul Schwarzenberger, Cloud Security Engineer, Celidor Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.c...

1 Touko 202242min

How to Secure Cloud Managed Kubernetes

How to Secure Cloud Managed Kubernetes

In this episode of the Virtual Coffee with Ashish edition, we spoke with Or Azarzar from LightSpin Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host T...

26 Huhti 202233min

Kubernetes Security Best Practices in 2022

Kubernetes Security Best Practices in 2022

In this episode of the Virtual Coffee with Ashish edition, we spoke with Ian Lewis from Google Cloud Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host...

25 Huhti 202241min