Offensive GCP Operations & Tactics Certification (OGOTC)

Description

Offensive GCP Operations & Tactics Certification (OGOTC) is an hands-on course designed to equip security professionals with the skills to assess and exploit vulnerabilities in Google Cloud Platform (GCP) environments. This course covers the full attack lifecycle, from initial access and enumeration to privilege escalation, lateral movement, and post-exploitation techniques. Participants will learn to abuse misconfigured IAM roles, exposed APIs, and metadata services, as well as exploit weak permissions and default configurations. The course also includes a deep dive into Kubernetes attacks, highlighting how to compromise and move within Kubernetes clusters. Real-world scenarios, including credential theft, phishing, and service account hijacking, will be explored. Defensive strategies and mitigation techniques will be provided to help secure GCP environments against these threats.

Key Learning Objectives

By the end of this course, participants will be able to:
- Understand the architecture and security model of Google Cloud Platform (GCP).
- Identify and exploit misconfigured IAM roles, APIs, and service accounts.
- Perform unauthenticated and authenticated enumeration of GCP resources.
- Gain initial access through leaked credentials and phishing techniques.
- Escalate privileges and move laterally within GCP projects.
- Exfiltrate data and establish persistence using GCP services.
- Exploit Kubernetes misconfigurations for privilege escalation and lateral movement.
- Develop effective defensive strategies to secure GCP environments.

Who Should Attend?

• Penetration Testers - Looking to expand their expertise in cloud security and offensive GCP techniques.
• Security Researchers - Interested in understanding and exploiting GCP misconfigurations and vulnerabilities.
• Cloud Security Engineers - Seeking to strengthen their ability to secure GCP environments against real-world threats.
• DevOps and SRE Teams - Wanting to identify and remediate common GCP misconfigurations.

Prerequisite Knowledge

• Basic understanding of cloud computing concepts
• Familiarity with Google Cloud Platform (GCP) services and architecture
• Working knowledge of Linux and Windows command-line interfaces (CLI)

Hardware Requirements

Laptop with Admin Privileges, GCloud CLI, Kubectl, GCP Account with project mapped the billing account.

Bio