Incident Response in GCP

In the spring of 2021, I made one of the most drastic decisions of my life and decided to move to Sweden. My primary motivation was to improve my English language skills and further explore my passion for problem-solving in cybersecurity. What followed was an enriching and rewarding experience that exceeded my expectations.

Upon my arrival in the winter of 2021, I attended a hacking talk at a lovely venue called GoTo10. This encounter with the vibrant hacker community in Malmö, Sweden, left a profound impression on me. I was taken aback by the depth and quality of the content shared in these free talks. I was also delighted by the convivial atmosphere, facilitated by shared pizza and beers and an inspiring ethos of knowledge sharing. That day, I shared my aspiration with a good friend – I wanted to be a part of this community, share my passion, and contribute to this vibrant knowledge exchange. One year later, my ambition turned into reality.

In November 2022, I initiated a series of talks focusing on Incident Response in Google Cloud Project (GCP). Despite feeling nervous and apprehensive, my zeal for sharing my experiences in this fascinating field of cybersecurity propelled me to step on the stage. The topics of my talks included:

1. GCP Incident Response (November 2022)

  • Challenges of GCP Forensics and Incident Response
  • Incident Response Process
  • Threat Modeling
  • Books and Resources

2. Virtual Instances Attacks (December 2022)

  • Incident Response Playbooks
  • Compute Log Analysis
  • Firewall Logs and Flow Logs
  • Network Packet Capture

3. Compromised Credentials / Keys (February 2023)

  • API Logging
  • Initial Access
  • Persistence
  • Privilege Escalation

4. Investigating Data Breaches Due to Compromised Buckets (March 2023)

  • Google Cloud Buckets
  • Cloud Storage Logs

5. GCP Incident Response CTF (June 2023)

In June 2023, I delivered my final talk, a unique and engaging Capture The Flag (CTF) session designed to teach GCP forensics through practical challenges. Although the recording was incomplete, I aim to share related posts to disseminate the knowledge gained during this interactive session in the upcoming months.

Reflecting on this journey, I am immensely grateful to the 2600 Malmö Group, FooCafe, my colleagues, friends, and everyone who supported me during these last two years. This opportunity to share and engage with the hacking community in Sweden has been nothing short of amazing. It reinforced my commitment to continuous learning and reaffirmed my belief in the power of knowledge sharing. This journey has only begun, and I eagerly look forward to where it leads me next.
