Jun 03, 2026
GCP Beginner Path
Phase 6 notes: Google Cloud Storage exposure, hidden file discovery, SSRF, Gopher bypasses, metadata service access, and GCP initial access.
research
Phase 6 — GCP Beginner Path
Phase Summary
Completed 2 Red Team labs focused on Google Cloud Storage exposure and SSRF-based GCP initial access.
Do these after AWS and Azure basics.
Learning Objectives
- Understand Google Cloud Storage exposure and object discovery limits.
- Practice finding hidden files when bucket listing is restricted.
- Exploit SSRF paths that target cloud metadata services.
- Learn how Gopher can bypass some SSRF protections.
- Compare GCP initial-access patterns against AWS and Azure cloud workflows.
Lab Path
| Order | Lab | Type | Summary |
|---|---|---|---|
| 28 | Reveal Hidden Files in Google Storage | 🔴 Red | Misconfigured Google Cloud Storage and hidden file exposure. |
| 29 | Exploit SSRF with Gopher for GCP Initial Access | 🔴 Red | SSRF + Gopher protocol → GCP metadata access. |
Key Knowledge After Phase 6
- Google Cloud Storage exposure is not always obvious, because object access can still leak data even when bucket listing is denied.
- Hidden file discovery matters in cloud storage testing, especially for backups, archives, source bundles, and configuration files.
- SSRF can become cloud initial access when an application can reach a metadata service from a trusted network position.
- Gopher support can weaken SSRF defenses by allowing crafted protocol-level requests through unexpected URL handlers.
- GCP metadata access requires platform-specific knowledge, including metadata endpoints, headers, tokens, and resource enumeration.
- Cross-cloud comparison improves judgment, because AWS, Azure, and GCP share patterns but differ in identity, metadata, and storage behavior.