Exploiting identity and access misconfigurations in GCP to gain access to sensitive secrets, Decoding keys and using them to bypass authentication barriers, Enumerating and abusing Cloud Run, GCP Secrets Manager, and IAM permissions, Pivoting from GCP to AWS through OIDC-based federated identity impersonation, Assuming AWS roles and escalating privileges by chaining multiple trust relationships, Interacting with AWS services such as S3, EC2, and SSM to extract and decrypt sensitive files, Leveraging in-cloud privilege escalation to discover and use advanced credentials, Re-pivoting from AWS back to GCP using credentials exfiltrated during the attack path, Impersonating high-privilege service accounts within GCP to access restricted buckets and systems, Gaining interactive access to a target GCP-hosted machine and bypassing local privilege protections