Who Touched My GCP Project? Understanding the Principal Part in Cloud Audit Logs
2024-06-17, Breakout 1

Have you ever wondered how to see what your K8s pod is doing in your GCP project? What about your AWS role integration? Have you seen the event getAccessToken in your GCP Cloud Audit Logs and not known what it was all about? Join us for a journey into the heart of Google Cloud Platform (GCP) authentication, where we'll unravel the mysteries within GCP audit logs. In this session, we'll delve into the complexities of principal identification and authentication mechanisms. Through real-world examples and practical demonstrations, you'll gain invaluable insights into deciphering audit logs to detect authentication methods and uncover the true identities behind cloud actions. Whether you're a seasoned cloud security expert or an eager learner, this lecture promises to equip you with the knowledge and skills needed to navigate the intricate landscape of GCP.

Gavriel Fried is a Senior Security Researcher at Mitiga. Prior to working at Mitiga, Gavriel held various research positions in the cyber security field, covering UEBA, Deception, Network and DPI, Red Teaming, Digital Forensics and some Malware Analysis. Gavriel researches potential attacks, anomalies and abuses on cloud services and SaaS.