C-GCP-SA-KEY-CREATEPrivilege Escalation

GCP iam.serviceAccountKeys.create

Create a permanent JSON key for a higher-priv service account — works as long as no key-rotation policy kicks in.

§ Where this technique fits

C-GCP-SA-KEY-CREATE is catalogued under the Privilege Escalation tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 5 on average.

§ Dossiers chaining this technique

GCP service account impersonation chain → project owner
Compromised low-priv SA has iam.serviceAccounts.getAccessToken on an intermediate SA; hop through 2-3 impersonations until you reach a project Owner.
step 5 / 6

§ What commonly comes next

01
GCP Service Account Backdoor Key
C-GCP-IAM-BACKDOOR · Persistence
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

GCP service account impersonation chain → project owner

§ What commonly comes next