Exploiting Google Cloud Platform With Ease
Security engineer Dylan Ayrey and Cruise senior infrastructure security engineer Allison Donovan describe fundamental weaknesses in GCP identity management that enable privilege escalation and lateral movement.
Filmed for the Dark Reading News Desk at Black Hat Virtual. Excerpts below.
DYLAN AYREY: The [Google Cloud Platform] ActAs permission is a permission that can be used to attach an identity to a resource that you’ve provisioned. So it can be used by an attacker because if one identity that an attacker has control over can itself attach other identities to resources that the attacker would [then] have full control over, then they can use that to elevate their permissions. ...
ALLISON DONOVAN: There are a few different cool ways to mitigate these problems from the start to try to take a proactive approach to securing your [identity and access management] around your resources in GCP. One really cool mitigation that we were working with GCP on … providing platform-level configurations that enabled you to remove IAM permissions from some of the default identities that are created in GCP – specifically the Compute Engine service account and the App Engine service accounts.
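A defensive check for the two points above, as an added example that is not part of the interview and is not Google's or the speakers' code: it reads a project IAM policy in the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json` and reports default Compute Engine and App Engine service accounts that hold a basic role, plus every principal bound at project level to a role carrying `iam.serviceAccounts.actAs`. The sample policy is constructed, and the function name `audit_policy` and the role set are assumptions.

```python
import json
import re

# Default identities named in the interview, matched by their documented e-mail forms.
DEFAULT_SA = [
    re.compile(r"^serviceAccount:\d+-compute@developer\.gserviceaccount\.com$"),
    re.compile(r"^serviceAccount:[a-z0-9.\-]+@appspot\.gserviceaccount\.com$"),
]
BASIC_ROLES = {"roles/owner", "roles/editor"}
# Assumption: a non-exhaustive set of roles that include iam.serviceAccounts.actAs.
# Confirm for your organisation with `gcloud iam roles describe ROLE`.
ACTAS_ROLES = BASIC_ROLES | {"roles/iam.serviceAccountUser"}

# Constructed sample policy (not real data).
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/editor", "members": [
     "serviceAccount:123456789012-compute@developer.gserviceaccount.com",
     "serviceAccount:example-project@appspot.gserviceaccount.com"]},
  {"role": "roles/iam.serviceAccountUser", "members": ["user:dev@example.com"]},
  {"role": "roles/owner", "members": ["group:admins@example.com"]},
  {"role": "roles/viewer", "members": [
     "serviceAccount:ci@example-project.iam.gserviceaccount.com"]}
]}
""")

def audit_policy(policy):
    """Return sorted (finding, member, role) tuples for a project IAM policy."""
    findings = set()
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if member.startswith("deleted:"):
                continue  # principal was deleted; the binding is stale
            if role in BASIC_ROLES and any(p.match(member) for p in DEFAULT_SA):
                findings.add(("default-sa-basic-role", member, role))
            if role in ACTAS_ROLES:
                # A project-level grant applies to every service account in the project.
                findings.add(("project-wide-actas", member, role))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(*finding, sep="\t")
```

Findings of type `project-wide-actas` are candidates for replacing the project-level binding with a grant on the individual service account that the principal actually needs to attach.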