From 2bb129291247eee3f6f619313fe6b2fb1a622e89 Mon Sep 17 00:00:00 2001
From: Ben <93559326+AI-redteam@users.noreply.github.com>
Date: Mon, 9 Feb 2026 16:16:44 -0600
Subject: [PATCH] Remove countermeasures from GCP privilege escalation doc

Removed countermeasures section from GCP privilege escalation documentation.
---
 .../gcp-cloud-workstations-privesc.md                       | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/src/pentesting-cloud/gcp-security/gcp-privilege-escalation/gcp-cloud-workstations-privesc.md b/src/pentesting-cloud/gcp-security/gcp-privilege-escalation/gcp-cloud-workstations-privesc.md
index a0019a234..57cd6bc39 100644
--- a/src/pentesting-cloud/gcp-security/gcp-privilege-escalation/gcp-cloud-workstations-privesc.md
+++ b/src/pentesting-cloud/gcp-security/gcp-privilege-escalation/gcp-cloud-workstations-privesc.md
@@ -105,11 +105,5 @@ nmap -sS -p 80,443,22 10.0.0.0/8
 
 </details>
 
-**Countermeasures:**
-
-* Disable "Running as root" in the Workstation Configuration
-* Do not mount `/var/run/docker.sock` — use remote builders (e.g., Cloud Build) instead
-* Assign a **custom service account** with minimal permissions to workstation configurations (e.g., `roles/source.reader`, `roles/artifactregistry.reader`)
-* Place the workstation project inside a **VPC Service Controls** perimeter