
You're reading from Cloud Penetration Testing for Red Teamers

Product type: Book
Published in: Nov 2023
Reading level: Intermediate
Publisher: Packt
ISBN-13: 9781803248486
Edition: 1st Edition

Author: Kim Crawley

Kim Crawley is a thought leader in cybersecurity, from pentesting to defensive security, and from policy to cyber threat research. For nearly a decade, she has contributed her research and writing to the official corporate blogs of AT&T Cybersecurity, BlackBerry, Venafi, Sophos, CloudDefense, and many others. She has been an internal employee of both Hack The Box and IOActive, a leading cybersecurity research firm. With the hacker mindset, she hacked her way into various information security subject matters. She co-authored one of the most popular guides to pentester careers on Amazon, The Pentester Blueprint, with Philip Wylie for Wiley Tech. She wrote an introductory guide to cybersecurity for business, 8 Steps to Better Security, which was also published by Wiley Tech. She also wrote Hacker Culture: A to Z for O'Reilly Media. To demonstrate her knowledge of cybersecurity operations, she passed her CISSP exam in 2023. In her spare time, she loves playing Japanese RPGs and engaging in social justice advocacy. She's always open to new writing, research, and security practitioner opportunities.

Pentesting GCP Features through Serverless Applications and Tools

Now that we’ve learned a bit about the various services that Google Cloud Platform (GCP) has to offer, it’s time to start our own GCP deployment and learn about some GCP pentesting tools through hands-on practice.

We will install and execute some pentesting tools in the GCP virtual machine we set up in Chapter 10. They include Prowler, GCPBucketBrute, and GCP Scanner. We’ll also look at the security tools that Google provides for us in Security Command Center.

This chapter will cover the following topics:

  • GCP free tier
  • Launching a GCP network
  • Using GCP Cloud Shell
  • GCP native security tools
  • GCP pentesting tools
  • Exploiting GCP applications

Let’s get started!

Technical requirements

We will be working with Google's infrastructure. Google's data centers do the bulk of the processing for the exercises in this chapter, so you don't need a top-of-the-line workstation. You will need the following:

  • A web browser
  • A desktop or laptop PC
  • An Android phone or iPhone
  • A good reliable internet connection

Check out the following video to view the Code in Action: https://bit.ly/4093wMk

GCP free tier

I strongly recommend setting up your own GCP network to test out the exercises in this chapter and Chapter 12.

There are several GCP products and services that you can use in the free tier without incurring charges to your account. Keep in mind, though, that you must provide a credit card when you sign up, and it will be charged if you exceed the free tier limits, so check your usage and billing carefully. When I signed up, I was given a 300 USD free credit for service fees in the first 90 days of my subscription. Depending on when you sign up, where in the world you sign up from, and the specifics of your situation, you may or may not receive a similar credit. Later in this chapter, I will show you where you can check your billing status so that you can make sure you don't incur service charges that you can't afford or otherwise wouldn't want to pay for.

As of this writing in 2023, here are the...

Launching a GCP network

As with AWS and Azure, all you need is a modern laptop or desktop PC running Windows, macOS, or a Linux distribution to launch and manage a GCP network. Google’s computers and infrastructure do all of the heavy lifting as far as computing resources are concerned.

I would also recommend installing Google Authenticator on your Android phone (https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&pli=1) or iPhone (https://apps.apple.com/us/app/google-authenticator/id388497605) so that you can enable multi-factor authentication (MFA, which Google calls 2-Step Verification) on the Google account that owns your GCP project. I would not recommend doing most of your GCP work on your phone, as a PC screen and a physical keyboard are far better suited to it. But you may install the Google Cloud app (https://cloud.google.com/app) on your phone if you want to check the status of your GCP services. It's especially useful for checking your billing on the go to make sure you're not doing...

Using GCP Cloud Shell

To launch GCP Cloud Shell, look at the menu bar at the top and click on the icon that looks like >_ to the immediate right of the search bar. Do you notice how similar GCP’s web interface is to the web interfaces in AWS and Azure?

Figure 11.7 – Top menu bar in the GCP console

All of the Bash commands we used in Chapter 5 for AWS and Chapter 8 for Azure will work here. Our Linux VM in GCP is functionally just like any other Linux-based computer; a Bash CLI is standard. If you want, you can review some Bash commands from Chapter 5.

The Cloud Shell screen looks like this:

Figure 11.8 – The Cloud Shell screen

Next, let’s check out some of the tools Google provides that will help us when we work as GCP pentesters.

GCP native security tools

Security Command Center is your starting point for all of the security tools that are built into GCP. It integrates various first-party GCP security tools that I mentioned in Chapter 10. This means you can see data from these applications and services within your Security Command Center (SCC) panel:

  • Identity and Access Management (https://cloud.google.com/iam), which governs all of the human identities (users and groups) and machine identities (service accounts used by workloads such as a web server) in your GCP environment, with audit logging that is integrated into SCC and can also be forwarded to an organization's third-party security monitoring services. In Google's own words, "Identity and Access Management (IAM) lets administrators authorize who can take action on specific resources, giving you full control and visibility to manage Google Cloud resources centrally."
  • Cloud IDS (https://cloud.google.com/intrusion-detection-system), which serves the same functions as most...

Installing GCP pentesting tools

There are a few different third-party tools that we'll use to conduct security scans against our GCP environment. First, we'll install them.

Prowler

I mentioned Prowler for AWS in Chapter 5 and for Azure in Chapter 8. You can also use Prowler to find security misconfigurations and compliance gaps in GCP. I'll briefly walk you through this process as Prowler has already been covered quite a bit in this book.

Everything we’ll be doing will be in Cloud Shell. From the GCP console web application, click on the icon that looks like >_ on the right-hand side of the search bar in the top menu bar to open Cloud Shell. The default CLI is a terminal, which is Bash. All of the Linux Bash commands we used in the AWS and Azure chapters will work here.

First, I verified that I had pip installed and which version it was with this command:

pip -V

This was the response I got at the command line:

pip 20.3.4 from /usr/lib/python3/dist-packages/pip (python 3...

Exploiting GCP applications

Now that we’ve installed a few third-party scanning tools, it’s time to use them.

Prowler

Let’s go through the basics of scanning GCP with Prowler first.

By default, Prowler uses the credentials of the account that is active in your Cloud Shell session, which is normally the Google account you signed in to the GCP console with. Before scanning, confirm in IAM in the GCP web console which identities exist and what roles they hold, since Prowler can only report on what its account is allowed to read. If you need to switch to a different authenticated account, you can do so with this command:

gcloud config set account <account>

Now we can run a default Prowler scan of GCP. If you installed Prowler from its GitHub repository, change into the cloned directory first; if you installed it with pip, the prowler command is on your path and can be run from anywhere:

cd prowler
prowler gcp

If you installed Prowler from GitHub, use prowler.py instead of prowler in all of the commands that follow.

I recommend viewing Prowler's built-in help first so that you can see all of the commands and options available for the GCP provider. As in previous chapters, you can get Prowler to list services and checks, and run specific...
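The installation steps from the Installing GCP pentesting tools section and the account check and scan from this section, gathered into one Cloud Shell script. This is an added example, not the book's code or Prowler's own. It assumes a Prowler 3.x-style CLI (the prowler gcp subcommand with --project-ids, --checks, --severity and --output-directory), that python3 and gcloud are available as they are in Cloud Shell, and that the check IDs passed to build_prowler_cmd are placeholders to be replaced with real IDs taken from prowler gcp --list-checks. The helper names, the virtualenv path and the output directory are this example's own choices.

```shell
#!/usr/bin/env bash
# Added example (not from the book): install Prowler in Cloud Shell, confirm which
# identity and project gcloud is using, and run a GCP scan scoped to one project.
# Helper names, the venv path and the output directory are this example's own
# choices. Sourcing the file only defines the functions; set RUN_GCP_SCAN=1 to
# execute the whole procedure inside Cloud Shell, for example:
#   RUN_GCP_SCAN=1 ./prowler_gcp.sh my-project-123
set -eu

# GCP project IDs are 6-30 characters: lowercase letters, digits and hyphens,
# beginning with a letter and not ending with a hyphen. Validating here stops a
# typo from silently scanning nothing.
valid_project_id() {
  printf '%s' "$1" | grep -Eq '^[a-z][a-z0-9-]{4,28}[a-z0-9]$'
}

# Compose the Prowler command line for one project. Optional second argument: a
# space-separated list of check IDs (use real IDs from `prowler gcp --list-checks`);
# optional third argument: severities to keep, e.g. "critical high".
build_prowler_cmd() {
  bp_proj="$1"; bp_checks="${2:-}"; bp_sev="${3:-}"
  valid_project_id "$bp_proj" || return 1
  bp_cmd="prowler gcp --project-ids $bp_proj"
  if [ -n "$bp_checks" ]; then bp_cmd="$bp_cmd --checks $bp_checks"; fi
  if [ -n "$bp_sev" ]; then bp_cmd="$bp_cmd --severity $bp_sev"; fi
  printf '%s\n' "$bp_cmd"
}

# Install Prowler from PyPI into a virtualenv so it does not collide with the
# Python packages that Cloud Shell ships with.
install_prowler() {
  python3 -m venv "$HOME/prowler-venv"
  . "$HOME/prowler-venv/bin/activate"
  pip install --upgrade pip prowler
  prowler -v
}

# Show the active gcloud account and default project. Prowler uses the same
# credentials, so if these are not what you expect, fix them first with
# `gcloud config set account <account>` and `gcloud config set project <id>`.
show_identity() {
  echo "Active account:  $(gcloud auth list --filter=status:ACTIVE --format='value(account)')"
  echo "Default project: $(gcloud config get-value project)"
}

# Run the scan and keep each project's reports in their own directory, which
# makes it easy to attach them to the pentest report later.
run_scan() {
  rs_proj="$1"
  rs_out="$HOME/prowler-output/$rs_proj"
  mkdir -p "$rs_out"
  rs_cmd="$(build_prowler_cmd "$rs_proj" "${2:-}" "${3:-}")"
  # Word splitting of the composed command is intentional here.
  $rs_cmd --output-directory "$rs_out"
}

if [ "${RUN_GCP_SCAN:-0}" = "1" ]; then
  install_prowler
  show_identity
  run_scan "$@"
fi
```

The validation helper and the command builder are pure functions, so you can source the file and try them without touching GCP; the three functions that call pip, gcloud and prowler only run when RUN_GCP_SCAN=1 is set.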

Summary

Everything you need to create a GCP network to practice pentesting can be done with the services in the GCP free tier. Just make sure you check your billing in the GCP web console to make sure you aren’t incurring charges.

You may need to set up a Google Workspace or Cloud Identity account to get the most out of GCP. That includes using SCC. SCC is your starting point for all of the security tools that are built into GCP. It integrates various first-party GCP security tools. You can use SCC to check for some threats, vulnerabilities, and security recommendations based on Google’s threat intelligence. As with running third-party pentesting tools, SCC may provide you with useful information that you can use in your pentest report.

Just like with AWS and Azure, Prowler can be used to scan GCP for security misconfigurations and regulatory compliance gaps. We ran a Prowler scan at the command line in Cloud Shell.

GCPBucketBrute checks whether attackers can...

Further reading

To learn more about the topics that were covered in this chapter, take a look at the following resources:
