Summary
Everything you need to create a GCP network to practice pentesting can be done with the services in the GCP free tier. Just make sure you check your billing in the GCP web console to make sure you aren’t incurring charges.
You may need to set up a Google Workspace or Cloud Identity account to get the most out of GCP. That includes using SCC. SCC is your starting point for all of the security tools that are built into GCP. It integrates various first-party GCP security tools. You can use SCC to check for some threats, vulnerabilities, and security recommendations based on Google’s threat intelligence. As with running third-party pentesting tools, SCC may provide you with useful information that you can use in your pentest report.
Just like with AWS and Azure, Prowler can be used to scan for vulnerabilities and regulatory compliance in GCP. We ran a Prowler vulnerability scan at the command line in Cloud Shell.
GCPBucketBrute checks whether attackers can...
