Getting Started with Cloud Pentesting ft. Scott Weston

Episode No: 77

In this episode of the Scale To Zero Podcast, our guest speaker Scott Weston walks us through the broader landscape of cloud pentesting, including the tool "GCPwn", which Scott developed himself.

Whether you're a seasoned security professional or just starting your journey, this podcast offers valuable insights and practical advice.

Learnings from the podcast

  1. gcpwn (modeled after Pacu) is a great tool for pentesting, covering enumeration and lateral movement. Many more capabilities are coming soon, with support for more services and APIs.
  2. Annual pentesting is a good start, but pentesting should be as close to continuous as possible. It helps organizations stay up to date with their attack surface.
  3. When starting to pentest, start with IAM: it connects all other services together and is the most impactful. For environments, create a segregated cloud environment for pentesting and tear it down once it is no longer used.

Learning resources recommended by Scott Weston

  1. gcpwn

    gcpwn is a tool Scott built himself while he was learning Google Cloud Platform; it leverages the newer gRPC client libraries.

    You can check gcpwn tool on GitHub >



  2. Scout Suite

    Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments.

    Check Scout Suite on GitHub >



  3. CloudFoxable

    A gamified cloud hacking sandbox from the cloud penetration testing team at BISHOPFOX

    Link to CloudFoxable >



  4. PWNedLabs

    Experience real-world, bite-sized cloud security labs for training cyber warriors. From beginners to pros, their engaging platform allows security practitioners to strengthen defenses, ignite their careers, and stay ahead of threats.

    Link to CloudFoxable >



  5. Hack The Box

    HTB is the leading Cybersecurity Performance Center for advanced frontline teams to aspiring security professionals & students. Start driving peak cyber performance.

    Link to Hack The Box >
