Red Team Tactics for Cracking the GSuite Perimeter

As more corporations adopt Google for providing cloud services they are also inheriting the security risks associated with centralized computing, email and data storage outside the perimeter. In order for pentesters and red teamers to remain effective in analyzing security risks, they must adapt techniques in a way that brings value to the customer.

In this presentation we will begin by demonstrating adaptive techniques to crack the perimeter of Google Suite customers. Next, we will show how evasion can be accomplished by hiding in plain-sight due to failures in incident response plans. Finally, we will also show how a simple compromise could mean collateral damage for customers who are not carefully monitoring these cloud environments.

Mike Felch - @ustayready

Mike is currently a red teamer / pentester for Black Hills Information Security. He began his career in 1997 as a Linux Administrator which eventually led to numerous offensive security roles, software development and hardware/software security research. Mike is also a lead forensics instructor for TeelTech, an Officer for OWASP Orlando (Chief Breaker) and an organizer for BSides Orlando.