Offensive GCP Operations and Tactics Certification by White Knight Labs - Chirag Savla & Jay Pandya - DCTLV2026

Name of Training: Offensive GCP Operations and Tactics Certification by White Knight Labs 
Trainer(s): Chirag Savla & Jay Pandya
Dates: August 10-11, 2026
Time: 8:00 am to 5:00 pm 
Venue: Las Vegas Convention Center
Cost: $2,500 (USD)

Short Summary:

Master the art of attacking and defending Google Cloud Platform environments. The Offensive GCP Operations and Tactics Certification (OGOTC) course teaches real-world red-team tactics, privilege escalation, and misconfiguration exploitation in GCP through hands-on labs with lifetime access. Learn to think like an adversary and protect your cloud assets effectively.

Course Description:

Offensive GCP Operations & Tactics (OGOTC) is an advanced, hands-on training course designed to provide security professionals, penetration testers, and cloud engineers with a deep understanding of the security landscape within Google Cloud Platform (GCP). This course covers the full attack lifecycle, from initial access to post-exploitation, equipping participants with the skills to identify, exploit, and defend against real-world vulnerabilities in GCP environments.

The course begins with an overview of GCP architecture, focusing on key services like Compute Engine, Cloud Storage, BigQuery, and Cloud Run. Participants will learn how to perform both unauthenticated and authenticated enumeration using techniques such as API abuse, DNS reconnaissance, and Google Dorking. The course then explores initial access methods, including credential theft, phishing (Evilginx), and misconfigured IAM roles. Hands-on labs will demonstrate privilege escalation, lateral movement through service accounts, and data exfiltration using GCP services.

Participants will also explore command and control (C2) strategies using GCP services and discover how to abuse metadata servers for escalation. Advanced modules cover Kubernetes exploitation, including pod compromise and privilege abuse within clusters. The course concludes with defensive strategies, showing how to harden IAM policies, secure APIs, and prevent privilege escalation.

Course Outline: 

1. Introduction to Offensive GCP - Overview of GCP architecture, IAM, and core services.
2. Enumeration - Identifying public resources, mapping IAM roles, and API abuse.
3. Initial Access - Gaining access via leaked credentials, phishing, and misconfigurations.
4. Post-Exploitation - Data exfiltration, persistence, and C2 techniques.
5. Lateral Movement - Exploiting service account impersonation and privilege abuse.
6. Hacking Kubernetes - Compromising and escalating privileges within Kubernetes clusters.
7. Privilege Escalation and GCP Abuse - Escalating access through IAM misconfigurations and metadata server exploitation.
8. Configuration Assessment - Follow the CIS benchmark to configure the GCP environment.

Difficulty Level:

Intermediate to Advanced

Intermediate Definition - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.

Advanced Definition - The student is expected to have significant practical experience with the tools and technologies that the training will focus on.

Suggested Prerequisites:

• Basic Cloud Knowledge - Understanding of cloud technology and GCP fundamentals.
• Familiarity with Scripting - Basic knowledge of GCloud CLI, Python.
• Willingness to Learn - A strong motivation to engage with self-directed materials and perform hands-on exercises.

What Students Should Bring: 

Participants should bring a laptop with wireless card to access event's Wi-Fi and equipped with a minimum of 8GB RAM.

Pre-work: GCP Account with Billing Account Attached and a Project.

What the Trainer Will Provide:

• All the course materials, code snippets, custom scripts, etc; will be provided to the students including the lab manual to solve the individual challenges.
  
• Life time access to the Student portal to deploy the lab and individual challenges for practice.

Trainer(s) Bio:

Chirag Savla is a cyber security professional with 10+ years of experience. His areas of interest include penetration testing, red teaming, azure and active directory security, and post- exploitation research. For fun, he enjoys creating open-source tools and exploring new attack methodologies in his leisure. Chirag has worked extensively on Azure, Active Directory attacks and defense, and bypassing detection mechanisms. He is the author of multiple open-source tools such as Process Injection, Callidus, and others. He has presented at many conferences and local meetups and has trained people in international conferences like Blackhat, BSides Milano, Wild West Hackin’ Fest, HackSpaceCon, VulnCon etc.

Jay Pandya has 6 years of experience in vulnerability research, expertise spans in Windows kernel exploitation, penetration testing, red teaming, rootkit development, and cloud security. I specialize in identifying zero-day vulnerabilities and researching n-day exploits. My work includes analysing Windows kernel drivers, reversing binaries, and automating security assessments. I am also focus on Google Cloud security, exploring misconfigurations, identifying privilege escalation, and data exposure risks. Additionally, I enjoy writing technical blogs to share insights from my research, focusing on novel attack methodologies, exploit development, and cloud security weaknesses.

Registration Terms and Conditions: 

Trainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.

Between July 11, 2026 and August 5, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.

All trainings are non-refundable after August 5, 2026.

Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.

If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.

DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.

By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

Several breaks will be included throughout the day. Please note that food is not included.

All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.