One Port to Serve Them All - Google GCP Cloud Shell Abuse
Offered By: BSidesLV via YouTube
Course Description
Overview
Explore a critical security vulnerability in Google Cloud Platform's Cloud Shell feature in this 17-minute conference talk from BSidesLV. Delve into an abuse methodology that exploits an unexpected public-facing port, allowing attackers to bypass Google authentication and potentially leak data, deliver malicious content, or pivot attack traffic through the Google network. Learn how the manipulation of Linux Netfilter's NAT table can be used to serve various internally running services within the Cloud Shell container to the public, despite the instance's short lifespan. Gain insights into the security risks associated with granting excessive permissions in cloud environments and understand the implications for both administrators and developers using cloud service providers.
Syllabus
Common Ground, Wed, Aug 7, 16:30 - Wed, Aug 7, CDT
Taught by
BSidesLV
Related Courses
Don't Ruck Us Too Hard - Owning All of Ruckus AP Devicesnullcon via YouTube Attacking ADFS Endpoints with PowerShell
YouTube Practical HTTP Header Smuggling - Sneaking Past Reverse Proxies to Attack AWS and Beyond
Black Hat via YouTube 200+ Vulnerabilities in Android Phones
Hack In The Box Security Conference via YouTube Systems Applications Proxy Pwnage
44CON Information Security Conference via YouTube