Blogs/Research
- Hacking the cloud
- Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments
- Privilege Escalation in Google Cloud Platform – Part 1 (IAM)
- Privilege Escalation in Google Cloud Platform – Part 2 (Non-IAM)
- RCE to IAM Privilege Escalation in GCP Cloud Build
- Using K3s for command and control on compromised Linux hosts
- Attacking Default Installs of Helm on Kubernetes
- Introduction to GKE Kubelet TLS Bootstrap Privilege Escalation
- Google Cloud Platform (GCP) Service Account-based Privilege Escalation paths
- Bypassing and exploiting Bucket Upload Policies and Signed URLs
- Google Cloud (over)Run: How a free trial experiment ended with a $72,000 bill overnight
- GCP OAuth Token Hijacking in Google Cloud – Part 1
- GCP OAuth Token Hijacking in Google Cloud—Part 2
- The Power of Kubernetes RBAC LIST
- Security Logging in Cloud Environments - GCP
- Security checklist for cloud workload protection
- Exploiting weak configurations in Google Cloud Identity Platform
- How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit
Tools
Defensive
- ScoutSuite: Multi-Cloud Security Auditing Tool
- cs-suite: One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
- forseti-security: A community-driven collection of open source tools to improve the security of your Google Cloud Platform environments.
- gcp-iam-collector: Python script for collecting and visualising Google Cloud Platform IAM permissions
- Security Response Automation: Automated actions on your Security Command Center.
Offensive
- Cloud Security Scanner
- G-Scout: Google Cloud Platform Security Tool
- gcp-iam-collector: Python script for collecting and visualising Google Cloud Platform IAM permissions