GITBOOK-535: change request with no subject merged in GitBook
carlospolop authored and gitbook-bot committed Jan 19, 2024
1 parent 06df7aa commit 40dc1f4
Showing 8 changed files with 35 additions and 16 deletions.
Binary file added .gitbook/assets/image (137).png
Binary file added .gitbook/assets/image (138).png
Binary file added .gitbook/assets/image (139).png
Binary file added .gitbook/assets/image (140).png
2 changes: 1 addition & 1 deletion SUMMARY.md
Expand Up @@ -126,7 +126,7 @@
* [GCP - Cloud Run Enum](pentesting-cloud/gcp-pentesting/gcp-services/gcp-cloud-run-enum.md)
* [GCP - Cloud SQL Enum](pentesting-cloud/gcp-security/gcp-services/gcp-cloud-sql-enum.md)
* [GCP - Compute Enum](pentesting-cloud/gcp-pentesting/gcp-services/gcp-compute-instances-enum/README.md)
* [GCP - Compute Instance](pentesting-cloud/gcp-pentesting/gcp-services/gcp-compute-instances-enum/gcp-compute-instance.md)
* [GCP - Compute Instances](pentesting-cloud/gcp-pentesting/gcp-services/gcp-compute-instances-enum/gcp-compute-instance.md)
* [GCP - VPC & Networking](pentesting-cloud/gcp-pentesting/gcp-services/gcp-compute-instances-enum/gcp-vpc-and-networking.md)
* [GCP - Containers, GKE & Composer Enum](pentesting-cloud/gcp-security/gcp-services/gcp-containers-gke-and-composer-enum.md)
* [GCP - Databases Enum](pentesting-cloud/gcp-security/gcp-services/gcp-databases-enum/README.md)
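Review bot: three entries in this hunk (Cloud SQL Enum, Containers/GKE/Composer Enum, Databases Enum) point under `pentesting-cloud/gcp-security/`, while the neighbouring entries, including the renamed one, point under `pentesting-cloud/gcp-pentesting/`; confirm both directories exist in the repository, otherwise those sidebar links are dead. The renamed title "GCP - Compute Instances" matches the new H1 in gcp-compute-instance.md and the file path is unchanged, so no other links need updating for this change.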
Expand Up @@ -68,10 +68,10 @@ You easily find compute instances with open firewall rules with [https://gitlab.

## Compute instances

These are the way you can **run virtual machines inside GCP.**
This is the way you can **run virtual machines inside GCP.** Check this page for more information:

{% content-ref url="./" %}
[.](./)
{% content-ref url="gcp-compute-instance.md" %}
[gcp-compute-instance.md](gcp-compute-instance.md)
{% endcontent-ref %}

### Enumeration
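Review bot: the link text of the new content-ref is the raw file name; using the page title, `[GCP - Compute Instances](gcp-compute-instance.md)`, reads better in the rendered book and matches the SUMMARY entry. Replacing `url="./"` (which linked the README to itself) with the actual page is the right fix, as is "These are the way" to "This is the way".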
@@ -1,4 +1,4 @@
# GCP - Compute Instance
# GCP - Compute Instances

<details>

Expand All @@ -14,6 +14,10 @@ Other ways to support HackTricks:

</details>

## Basic Information

Google Cloud Compute Instances are **customizable virtual machines on Google's cloud infrastructure**, offering scalable and on-demand computing power for a wide range of applications. They provide features like global deployment, persistent storage, flexible OS choices, and strong networking and security integrations, making them a versatile choice for hosting websites, processing data, and running applications efficiently in the cloud.

### Confidential VM

Confidential VMs use **hardware-based security features** offered by the latest generation of AMD EPYC processors, which include memory encryption and secure encrypted virtualization. These features enable the VM to protect the data processed and stored within it from even the host operating system and hypervisor.
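Review bot: "the latest generation of AMD EPYC processors" in the Confidential VM paragraph will go stale; name the generation or say "supported AMD EPYC processors". Since this is a pentesting reference, one sentence on the limit of the protection would help: the memory encryption described here shields the guest from the host OS and hypervisor, not from code already running inside the guest, so everything else on this page (service account scopes, metadata, SSH access) applies to a Confidential VM unchanged.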
Expand All @@ -31,7 +35,8 @@ It's possible to **select the disk** to use or **create a new one**. If you sele

### Deploy Container

It's possible to deploy a container inside the created virtual machine and configure several options for this container like execute as privileged, stdin, pseudo TTY...
It's possible to deploy a **container** inside the virtual machine.\
It possible to configure the **image** to use, set the **command** to run inside, **arguments**, mount a **volume**, and **env variables** (sensitive information?) and configure several options for this container like execute as **privileged**, stdin and pseudo TTY.

### Service Account

Expand All @@ -49,31 +54,39 @@ And the **default access scopes** are the following:

However, it's possible to **grant it `cloud-platform` with a click** or specify **custom ones**.

<figure><img src="../../../../.gitbook/assets/image (138).png" alt=""><figcaption></figcaption></figure>

### Firewall

It's possible to allow HTTP and HTTPS traffic
It's possible to allow HTTP and HTTPS traffic.

<figure><img src="../../../../.gitbook/assets/image (137).png" alt=""><figcaption></figcaption></figure>

### IP Forwarding
### Networking

It's possible to **enable IP forwarding** from the creation of the instance.
* **IP Forwarding**: It's possible to **enable IP forwarding** from the creation of the instance.
* **Hostname**: It's possible to give the instance a permanent hostname.
* **Interface**: It's possible to add a network interface

### Extra Security

These options will **increase the security** of the VM and are recommended:

* **Secure boot**
* **Enable vTPM**
* **Integrity supervision**
* **Secure boot:** Secure boot helps protect your VM instances against boot-level and kernel-level malware and rootkits.
* **Enable vTPM:** Virtual Trusted Platform Module (vTPM) validates your guest VM pre-boot and boot integrity, and offers key generation and protection.
* **Integrity supervision:** Integrity monitoring lets you monitor and verify the runtime boot integrity of your shielded VM instances using Stackdriver reports. Requires vTPM to be enabled.

### VM Access

The common way to enable access to the VM is by **allowing certain SSH public keys** to allow the VM.\
The common way to enable access to the VM is by **allowing certain SSH public keys** to access the VM.\
However, it's also possible to **enable the access to the VM vial `os-config` service using IAM**. Moreover, it's possible to enable 2FA to access the VM using this service.\
When this **service** is **enabled**, the access via **SSH keys is disabled.**

<figure><img src="../../../../.gitbook/assets/image (139).png" alt=""><figcaption></figcaption></figure>

### Metadata

It's possible to define **userdata**: **Shell commands** that will be executed every time the machine turns on or restarts.
It's possible to define **automation** (userdata in AWS) which are **shell commands** that will be executed every time the machine turns on or restarts.

It's also possible to **add extra metadata key-value values** that are going to be accessible from the metadata endpoint. This info is commonly used for environment variables and startup/shutdown scripts. This can be obtained using the **`describe` method** from a command in the enumeration section, but it could also be retrieved from the inside of the instance accessing the metadata endpoint.

Expand All @@ -87,10 +100,16 @@ curl "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?re
-H "Metadata-Flavor: Google"
```

Moreover, **auth token for the attached service account** and **general info** about the instance, network and project is also going to be available from the **metadata endpoint**. For more info check:&#x20;
Moreover, **auth token for the attached service account** and **general info** about the instance, network and project is also going to be available from the **metadata endpoint**. For more info check:

{% embed url="https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#6440" %}

### Encryption

A Google-managed encryption key is used by default a but a Customer-managed encryption key (CMEK) can be configured. You can also configure what to do when the used CMEF is revoked: Noting or shut down the VM.

<figure><img src="../../../../.gitbook/assets/image (140).png" alt=""><figcaption></figcaption></figure>

<details>

<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
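Review bot: the new Encryption paragraph has three typos on one line: "used by default a but" (stray "a"), "CMEF" should be "CMEK", and "Noting or shut down" should be "Nothing or shut down". It would also help to spell out what the two revocation actions mean in practice (the VM keeps running versus the VM is stopped) so a reader can tell which setting is the safer one when assessing an instance.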
Expand Up @@ -17,7 +17,7 @@ Other ways to support HackTricks:
## **GCP Compute Networking in a Nutshell**

**VPCs** contains **Firewall** rules to allow incoming traffic to the VPC. VPCs also contains **subnetworks** where **virtual machines** are going to be **connected**.\
Comparing with AWS, **Firewall** would be the **closest** thing to **Security Groups**, but in this case these are **defined in the VPC** and not in each instance.
Comparing with AWS, **Firewall** would be the **closest** thing to **AWS** **Security Groups and NACLs**, but in this case these are **defined in the VPC** and not in each instance.

## **VPC, Subnetworks & Firewalls in GCP**


0 comments on commit 40dc1f4
