GCPGoat: A Damn Vulnerable GCP Infrastructure

By Shantanu Kale, Rishappreet Singh Moonga, Ravi Verma, Govind Krishna on 12 May 2023 @ Blackhat: Arsenal
#gcp #cloud-pentesting #cloud-workload-protection #security-testing #application-pentesting #misconfiguration #iam
Focus Areas: Application Security, Cloud Security, DevSecOps, Identity & Access Management, Vulnerability Management
This tool demo covers the following tools, which the speakers authored or contributed to:
GCPGOAT

Abstract

GCPGoat is a vulnerable-by-design infrastructure on GCP featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfigurations based on services such as IAM, Storage Bucket, Cloud Functions and Compute Engine. GCPGoat mimics real-world infrastructure but with added vulnerabilities. It features multiple escalation paths and is focused on a black-box approach.