BSidesSLC has ended
Back To Schedule
Friday, February 22 • 4:00pm - 4:30pm
It's all in the Cloud: Red Teaming GCP (Google Cloud Platform)

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Cloud services are frequently misconfigured due to their rapid adoption and engineers not fully understanding the security ramifications of different configurations, which can frequently enable red teams to gain, expand, and persist access within Google Cloud Platform (GCP) environments. In this talk we will dive into how GCP services are commonly breached (e.g. SSRF vulnerabilities, discovering insecure cloud storage), and then show how attackers are expanding access within Docker & Kubernetes (K8s) environments (e.g. CVEs, insecure daemons). Finally we will demonstrate some unique techniques for persisting access within GCP environments for prolonged periods of time!

avatar for Bryce Kunz

Bryce Kunz

Bryce Kunz (@TweekFawkes) loves researching and red teaming bleeding edge IT services. Bryce is currently the Chief Hacker & President at Stage2Sec.com where he released various open source tools (e.g. soMeta, lolrusLove, yupPhrasing, etc…) and has contributed several modules to... Read More →

Friday February 22, 2019 4:00pm - 4:30pm PST
Clipper Peak