# GCP - Stackdriver Enum
{% hint style="success" %}
Learn & practice AWS Hacking: (1) (1) (1).png)
[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
Learn & practice GCP Hacking:  (1).png)
[**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
Support HackTricks
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}
## [Stackdriver logging](https://cloud.google.com/sdk/gcloud/reference/logging/)
[**Stackdriver**](https://cloud.google.com/stackdriver/) is recognized as a comprehensive infrastructure **logging suite** offered by Google. It has the capability to capture sensitive data through features like syslog, which reports individual commands executed inside Compute Instances. Furthermore, it monitors HTTP requests sent to load balancers or App Engine applications, network packet metadata within VPC communications, and more.
For a Compute Instance, the corresponding service account requires merely **WRITE** permissions to facilitate logging of instance activities. Nonetheless, it's possible that an administrator might **inadvertently** provide the service account with both **READ** and **WRITE** permissions. In such instances, the logs can be scrutinized for sensitive information.
To accomplish this, the [gcloud logging](https://cloud.google.com/sdk/gcloud/reference/logging/) utility offers a set of tools. Initially, identifying the types of logs present in your current project is recommended.
```bash
# List logs
gcloud logging logs list
# Read logs
gcloud logging read [FOLDER]
# Write logs
# An attacker writing logs may confuse the Blue Team
gcloud logging write [FOLDER] [MESSAGE]
# List Buckets
gcloud logging buckets list
```
## References
* [https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/#reviewing-stackdriver-logging](https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/#reviewing-stackdriver-logging)
* [https://initblog.com/2020/gcp-post-exploitation/](https://initblog.com/2020/gcp-post-exploitation/)
{% hint style="success" %}
Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
Support HackTricks
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}