(S09) (THREAT) The Overlooked Playground: An Attacker's Journey Through GCP
Wednesday, October 15, 2025 9:30 AM to 10:00 AM · 30 min. (Canada/Eastern)
Information
From the first intrusion to the final exfiltration, this talk walks you step-by-step through the full lifecycle of a GCP compromise, leveraging the MITRE framework and the latest techniques used by cybercriminals.
You’ll discover how an attacker maps GCP’s structure and IAM, gains initial access (OAuth2 phishing, service account exploitation, etc.), moves laterally, maintains persistence, and escalates privileges. We’ll also unveil high-impact techniques such as Domain-Wide Delegation and the abuse of Google Workspace integrations.
The demonstration will conclude from a defensive perspective: a complete visualization of the attack chain, pinpointing weaknesses, and providing actionable recommendations to secure, detect, and respond swiftly.
Whether you’re a red teamer, penetration tester, or SOC analyst, you’ll walk away with concrete TTPs and best practices to test and protect your GCP environments—before an adversary does.
You’ll discover how an attacker maps GCP’s structure and IAM, gains initial access (OAuth2 phishing, service account exploitation, etc.), moves laterally, maintains persistence, and escalates privileges. We’ll also unveil high-impact techniques such as Domain-Wide Delegation and the abuse of Google Workspace integrations.
The demonstration will conclude from a defensive perspective: a complete visualization of the attack chain, pinpointing weaknesses, and providing actionable recommendations to secure, detect, and respond swiftly.
Whether you’re a red teamer, penetration tester, or SOC analyst, you’ll walk away with concrete TTPs and best practices to test and protect your GCP environments—before an adversary does.
Type
Session
Stage
Threat Landscape Stage
