Most of Google’s flagship services like their search engine, Gmail, and YouTube run on Google Compute Engine, an Infrastructure as a Service (IaaS) component of GCP. What would happen if an attacker tried to compromise it? And how would you go about protecting your apps?
This course takes you on a tour of offensive and defensive techniques in GCP, starting with virtual machines (VMs) on GCP. Learn about the attack surface, metadata compromise, and privilege escalation attacks.
Next, we’ll take a hands-on look at App Engine, as well as Identity-Aware Proxy (IAP). To bring the course full circle, we’ll get hands-on with some defensive techniques, where you’ll learn how to secure access to your VMs through OS Login and SSH. We’ll also look at how to secure the VMs themselves.
As with every AppSecEngineer course, you’ll enjoy a full suite of hands-on exercises that simulate real-world scenarios in GCP security, giving you a full understanding of how to attack and secure your GCP compute infrastructure.
App Engine 101
App Engine with IAP
OS Login
Creating the hardened image with Packer
Introduction to GCP VM
Overview of the GCP VM
Overview of the GCP VM attack surface
Metadata compromise
Privilege escalation due to default service accounts
App Engine
Overview of App Engine
Overview of IAP
Securing GCP VM
Secure access to the VM
SSH into the VM
Securing the VM
Shielded VM