This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.
GCPN
The GIAC Cloud Penetration Tester (GCPN) certification equips security professionals with advanced techniques to assess and exploit vulnerabilities across AWS, Azure, GCP, and containerized environments, ensuring robust cloud defenses.
Who Should Take This
Penetration testers with three or more years of hands‑on security testing experience, who regularly evaluate enterprise cloud deployments, should pursue GCPN. It targets professionals aiming to master multi‑cloud attack methodologies, validate container and Kubernetes hardening, and demonstrate expertise to employers and clients seeking comprehensive cloud security assessments.
What's Covered
- Domain 1: Cloud Penetration Testing Methodology
- Domain 2: AWS Penetration Testing
- Domain 3: Azure Penetration Testing
- Domain 4: GCP Penetration Testing
- Domain 5: Container and Kubernetes Security Testing
- Domain 6: Serverless and CI/CD Pipeline Attacks
- Domain 7: Cloud Security Assessment and Reporting
What's Included in AccelaStudy® AI
Course Outline
60 learning goals
Domain 1: Cloud Penetration Testing Methodology
1 topic
Cloud testing methodology and reconnaissance
- Describe cloud penetration testing methodology phases including scoping, reconnaissance, enumeration, exploitation, post-exploitation, and reporting with cloud-specific considerations at each phase
- Identify cloud provider penetration testing policies and authorization requirements for AWS, Azure, and GCP including scope limitations, prohibited activities, and notification requirements
- Describe cloud shared responsibility models for IaaS, PaaS, and SaaS across AWS, Azure, and GCP and their implications for penetration testing scope and testable attack surface definition
- List cloud-native security services including AWS GuardDuty, Azure Defender, and GCP Security Command Center with their detection capabilities relevant to penetration test evasion planning
- Implement cloud reconnaissance using OSINT, DNS enumeration, certificate transparency logs, and cloud-specific metadata discovery to identify providers, regions, services, and exposed endpoints
- Execute cloud infrastructure enumeration using ScoutSuite, Prowler, and CloudMapper to discover resources, map network topology, and identify security misconfigurations across cloud accounts
- Analyze cloud penetration test scope to identify all testable attack surfaces across compute, storage, networking, identity, and serverless components within shared responsibility boundaries
- Evaluate cloud security posture assessment tool output to prioritize enumerated findings by exploitability, impact, and relevance to the penetration testing engagement objectives
Domain 2: AWS Penetration Testing
2 topics
AWS IAM enumeration and escalation
- Describe AWS IAM architecture including users, roles, policies, groups, permission boundaries, SCPs, and the policy evaluation logic for cross-account and service-linked role access
- Identify AWS credential types and exposure vectors including access keys, session tokens, EC2 instance profile credentials, Lambda execution role credentials, and ECS task role credentials
- Implement AWS IAM enumeration using Pacu, enumerate-iam, and AWS CLI to discover attached policies, role trust relationships, permission boundaries, and privilege escalation paths
- Execute AWS privilege escalation techniques including IAM policy manipulation, role chaining, Lambda function abuse, and service-linked role exploitation for elevated access
- Implement AWS STS and cross-account role assumption testing to identify overly permissive trust policies, confused deputy vulnerabilities, and external ID validation weaknesses in role chaining scenarios
AWS service exploitation
- Implement S3 bucket security testing including misconfigured ACLs, bucket policy exploitation, presigned URL abuse, and cross-account access enumeration using S3Scanner and AWS CLI
- Execute EC2 instance exploitation including IMDS v1/v2 credential harvesting, user data script analysis, EBS volume snapshot access, and security group misconfiguration exploitation
- Implement Lambda function security testing including environment variable extraction, layer inspection, function URL exploitation, and execution role privilege analysis for serverless attack chains
- Execute AWS networking exploitation including VPC peering abuse, Transit Gateway misconfiguration, and security group/NACL bypass for cross-VPC lateral movement in multi-account environments
- Implement AWS post-exploitation techniques including CloudTrail evasion, credential persistence through access key creation, and cross-account role assumption for maintaining cloud access
- Analyze AWS penetration test findings to map attack paths across IAM, compute, storage, and networking services and evaluate AWS security control configuration effectiveness
Domain 3: Azure Penetration Testing
1 topic
Azure AD and service exploitation
- Describe Azure Entra ID (formerly AAD) architecture including tenants, subscriptions, management groups, RBAC assignments, Conditional Access policies, and PIM for identity attack surface mapping
- Identify Azure credential and token types including OAuth2 access tokens, refresh tokens, managed identity tokens, service principal secrets, and certificate-based authentication mechanisms
- Implement Azure AD enumeration using ROADtools, AzureHound, and Microsoft Graph API to discover tenant configuration, application registrations, service principals, and role assignments
- Execute Azure privilege escalation including RBAC exploitation, managed identity abuse, application consent attacks, and subscription-level permission escalation paths using custom tooling
- Implement Azure storage account security testing including blob container enumeration, SAS token exploitation, access key extraction, and storage account firewall bypass techniques
- Execute Azure Kubernetes Service penetration testing including pod escape, service account token theft, RBAC misconfiguration exploitation, and node-level privilege escalation
- Implement Azure Function and Logic App exploitation including trigger manipulation, managed identity credential theft, and serverless function injection for lateral cloud access
- Analyze Azure penetration test results to evaluate Entra ID security posture, Conditional Access policy effectiveness, and RBAC assignment hygiene across the tenant hierarchy
- Assess Azure multi-tenant security by evaluating cross-tenant access settings, B2B collaboration risks, and external identity provider federation configurations for unauthorized access paths
Domain 4: GCP Penetration Testing
1 topic
GCP IAM and service exploitation
- Describe GCP IAM architecture including organizations, folders, projects, service accounts, IAM roles, and the resource hierarchy policy inheritance model for access control decisions
- Implement GCP enumeration using gcloud CLI, ScoutSuite, and custom scripts to discover IAM bindings, service account keys, project metadata, and compute instance configurations
- Execute GCP privilege escalation including service account impersonation, Cloud Functions abuse, Compute Engine metadata exploitation, and IAM policy binding manipulation techniques
- Implement GCP storage and data service testing including Cloud Storage bucket enumeration, BigQuery dataset access testing, and Firestore permission analysis for data exposure assessment
- Execute GCP Compute Engine exploitation including metadata server credential harvesting, startup script analysis, serial console access, and custom image privilege escalation techniques
- Implement GCP Cloud Functions and Cloud Run exploitation including trigger injection, environment variable extraction, and service account credential theft for serverless attack chains
- Analyze GCP penetration test findings to assess organization-level security policy effectiveness, service account hygiene, and resource hierarchy permission inheritance risks
- Implement GCP VPC firewall rule analysis and network path testing to identify overly permissive ingress and egress rules, missing network segmentation, and cloud NAT misconfiguration exploits
Domain 5: Container and Kubernetes Security Testing
1 topic
Container and orchestration exploitation
- Describe container security fundamentals including Docker image layers, namespace isolation, cgroup resource limits, seccomp profiles, and AppArmor/SELinux enforcement mechanisms
- Identify Kubernetes security architecture including API server authentication, RBAC authorization, admission controllers, network policies, pod security standards, and service mesh integration
- Describe container registry security including image signing with cosign/Notary, vulnerability scanning integration, admission control policies, and supply chain verification workflows
- Implement container image security testing using Trivy, Grype, and Snyk to identify vulnerable base images, embedded secrets, excessive permissions, and insecure build configurations
- Execute container escape techniques including privileged container breakout, host filesystem mount exploitation, Docker socket access abuse, and kernel capability exploitation from within containers
- Implement Kubernetes penetration testing using kube-hunter, kubectl exploitation, service account token theft, etcd access, and RBAC bypass across managed and self-hosted cluster deployments
- Execute Kubernetes lateral movement through pod-to-pod communication exploitation, service mesh bypass, and cross-namespace access escalation using compromised service account credentials
- Implement container runtime exploitation including runc vulnerabilities, containerd socket access, and CRI exploitation for escaping container isolation to the underlying host node
- Analyze container and Kubernetes security posture by evaluating pod security policies, RBAC configurations, network segmentation, and image supply chain controls against penetration test findings
- Compare managed Kubernetes security across EKS, AKS, and GKE to evaluate provider-specific attack surfaces, default security configurations, and control plane access differences
Domain 6: Serverless and CI/CD Pipeline Attacks
1 topic
Serverless exploitation and supply chain attacks
- Describe serverless computing security considerations including function execution context, ephemeral runtime, cold start behavior, event source injection, and shared tenancy risks
- Identify CI/CD pipeline attack surfaces including source code repository compromise, build system poisoning, dependency confusion, artifact registry manipulation, and deployment pipeline hijacking
- Implement serverless function exploitation including event injection through API Gateway, S3, SQS, and SNS triggers for code execution and privilege escalation in AWS Lambda, Azure Functions, and GCP Cloud Functions
- Execute CI/CD pipeline attacks including GitHub Actions workflow poisoning, Jenkins credential extraction, GitLab CI runner compromise, and Terraform state file exploitation
- Implement dependency confusion and supply chain attacks against package registries including npm, PyPI, and container registries for software supply chain compromise demonstration
- Execute Infrastructure-as-Code exploitation including Terraform, CloudFormation, and Bicep template injection, state file secrets extraction, and drift-based privilege escalation techniques
- Analyze serverless and CI/CD attack findings to evaluate pipeline security controls, assess software supply chain risk, and recommend DevSecOps security improvements for build processes
- Assess cloud DevOps security maturity by evaluating secrets management practices, pipeline authentication controls, and deployment approval workflows against penetration test findings
- Implement container registry exploitation including unauthorized image push, tag manipulation, and image layer inspection to identify embedded secrets and vulnerable dependencies in cloud container deployments
Domain 7: Cloud Security Assessment and Reporting
1 topic
Cloud security evaluation and reporting
- Implement cloud security baseline assessment using Prowler, ScoutSuite, and CloudSploit to identify misconfigurations, policy violations, and deviations from CIS Benchmark standards across providers
- Execute cloud audit log analysis using CloudTrail, Azure Activity Log, and GCP Cloud Audit Logs to identify compromise indicators and evaluate detection coverage for cloud attack techniques
- Compare cloud provider security models to identify control parity gaps, evaluate provider-specific risk exposure, and assess multi-cloud security architecture effectiveness across AWS, Azure, and GCP
- Evaluate cloud penetration test results to produce risk-prioritized findings with remediation guidance mapped to CIS Benchmarks, cloud provider well-architected frameworks, and industry best practices
- Assess organizational cloud security program maturity by analyzing penetration test finding trends across engagements, evaluating remediation velocity, and recommending strategic security investments
Scope
Included Topics
- All domains covered by the GIAC GCPN certification aligned with SANS SEC588: Cloud Penetration Testing, including cloud methodology, AWS penetration testing (IAM, S3, Lambda, EC2), Azure penetration testing (Entra ID, Storage, AKS), GCP penetration testing, container and Kubernetes security, and serverless/CI/CD pipeline attacks.
- Cloud-specific penetration testing tools including Pacu, ROADtools, AzureHound, ScoutSuite, Prowler, kube-hunter, Trivy, CloudMapper, and cloud provider CLI tools for enumeration, exploitation, and post-exploitation.
- Multi-cloud security assessment covering IAM models, service architectures, and attack surfaces of AWS, Azure, and GCP with cross-provider comparison and risk evaluation methodologies.
- Container and Kubernetes security testing including Docker escape, Kubernetes RBAC exploitation, pod security assessment, container runtime vulnerabilities, and managed Kubernetes service-specific attack vectors.
- CI/CD pipeline and software supply chain attack techniques including dependency confusion, pipeline poisoning, Infrastructure-as-Code exploitation, and DevSecOps security assessment.
Not Covered
- On-premises network penetration testing and Active Directory exploitation at the depth covered by GIAC GPEN or GXPN without cloud integration.
- Cloud architecture design and well-architected framework implementation covered by cloud provider certifications.
- Advanced binary exploitation and memory corruption techniques not applicable to cloud-native penetration testing.
- Cloud compliance audit and governance framework implementation beyond penetration testing scope.
- Digital forensics and incident response in cloud environments covered by GIAC GCFR.
Official Exam Page
Learn more at GIAC Certifications