Google Cloud Hacking Red Team Perspective!
Cloud Security Podcast2 Aug 2023

Google Cloud Hacking Red Team Perspective!

Google cloud hacking or pentesting is very different to other popular cloud service providers like aws or azure. In this episode we had Shannon McHale (Mandiant now Google Cloud) to talk about how she approaches pentesting a google cloud environment and how you can too.


Episode YouTube: ⁠ Video Link⁠⁠⁠


Host Twitter: Ashish Rajan (⁠⁠⁠⁠⁠⁠⁠@hashishrajan⁠⁠⁠⁠⁠⁠⁠)

Guest Socials: Shannon McHale's Linkedin ⁠⁠⁠⁠(⁠Shannon's Linkedin⁠)

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠


Spotify TimeStamp for Interview Questions

A word from our sponsors - you can visit them on ⁠⁠⁠⁠⁠⁠⁠snyk.io/csp⁠⁠⁠⁠⁠⁠⁠


(00:00) Introduction

(03:38) A bit about Shannon McHale

(05:31) What is Red Teaming?

(06:42) Red Teaming in the Cloud

(07:50) Methodology behind Red Teaming

(09:32) Pentesting in Goole Cloud

(10:28) Low hanging fruits in Google Cloud

(14:36) GCP storage

(16:09) Red Team Assessment in Google Cloud

(17:08) The importance of Metadata

(18:17) Recommendations for Blue Teamers

(22:03) How to get started in Red Teaming?

(26:06) Tools or Research that stood out for Shannon

(27:42) GCP Resources that can be exposed

(29:15) Resources to learn about Cloud Red Teaming

(30:37) The Fun Questions


These are some of the resources Shannon found helpful to learn about Pentesting in Cloud along with her own GitHub link

See you at the next episode!

Episoder(345)

All the Security Updates - Google Cloud Next 21 - Cloud Security News

All the Security Updates - Google Cloud Next 21 - Cloud Security News

Cloud Security News this week 20 October 2021 Google Cloud is adding new features to their zero trust access solution, BeyondCorp Enterprise which will enable identity and context-aware access to no...

20 Okt 20215min

What is Cloud Native Application Protection Platform - CNAPP Explained!

What is Cloud Native Application Protection Platform - CNAPP Explained!

In this episode of the Virtual Coffee with Ashish edition, we spoke with Om Moolchandani (@omaitrika) is a CISO and CTO at Accurics (@AccuricsSec).. Episode ShowNotes, Links and Transcript on Cloud Se...

17 Okt 202148min

Google Cloud Next 21, Kubecon and VMworld - Cloud Security News

Google Cloud Next 21, Kubecon and VMworld - Cloud Security News

Cloud Security News this week 14 October 2021 It's an eventful month for all things cloud as Google Cloud Next 21 and Kubecon are happening this week. Ashish from Cloud Security Podcast was co-hosting...

13 Okt 20214min

Implementing Cloud Security Tools the Right way - Stay Alert Not Fatigue!

Implementing Cloud Security Tools the Right way - Stay Alert Not Fatigue!

In this episode of the Virtual Coffee with Ashish edition, we spoke with Gaurav Kumar (@gauravphoenix) is the Founder of Dassana (@DassanaSecurity). Episode ShowNotes, Links and Transcript on Cloud Se...

10 Okt 202135min

AWS Launches Cloud Control API - Cloud Security News

AWS Launches Cloud Control API - Cloud Security News

Cloud Security News this week 06 October 2021 AWS has announced the availability of AWS Cloud Control API - a set of common application programming interfaces (APIs) that are designed to make it eas...

6 Okt 20213min

Data Security in Cloud with David McCaw, Dasera

Data Security in Cloud with David McCaw, Dasera

In this episode of the Virtual Coffee with Ashish edition, we spoke with David McCaw (Linkedin - David McCaw) is a Co-Founder of Dasera (@DaseraInc). Episode ShowNotes, Links and Transcript on Cloud S...

3 Okt 202149min

Cloud Security ranks in 2021 OWASP Top 10 - Cloud Security News

Cloud Security ranks in 2021 OWASP Top 10 - Cloud Security News

Cloud Security News this week - 29 September 2021 Amazon Web Services, Google Cloud, IBM, and Microsoft have joined forces this week with the Enterprise Data Management (EDM) Council to publish a f...

29 Sep 20213min

Cloud Security Careers: Application Security Engineer Skills with Tanya Janca

Cloud Security Careers: Application Security Engineer Skills with Tanya Janca

In this episode of the Virtual Coffee with Ashish edition, we spoke with Tanya Janca (@shehackspurple) is an Author, Security Trainer and Founder of We Hack Purple (@WeHackPurple). Episode ShowNotes,...

26 Sep 202144min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
teknisk-sett
energi-og-klima
tomprat-med-gunnar-tjomlid
elektropodden
fornybaren
rss-impressions-2
shifter
nasjonal-sikkerhetsmyndighet-nsm
teknologi-og-mennesker
pedagogisk-intelligens
rss-polypod
rss-ki-praten
rss-ai-forklart
rss-for-alarmen-gar
rss-digitaliseringspadden
rss-fjorsilkebris-podcast
rss-visjonarene
rss-alt-som-gar-pa-strom