Learn to decipher Google Cloud Platform (GCP) authentication mechanisms and audit logs in this 22-minute security conference talk from fwd:cloudsec. Explore how to identify actions performed by Kubernetes pods, AWS role integrations, and various authentication methods within GCP projects. Senior Security Researcher Gavriel Fried draws from extensive experience in UEBA, deception, network analysis, red teaming, and digital forensics to demonstrate practical techniques for uncovering the true identities behind cloud activities. Gain essential knowledge about interpreting getAccessToken events and other critical audit log entries while developing skills to effectively monitor and secure GCP environments through real-world examples and hands-on demonstrations.