Skip to content

Writeups

GCP

Link Notes
Privilege Escalation in Google Cloud Platform Source for privilege escalation techniques
GCP Service Account-based Privilege Escalation paths The Praetorian team uncovered a GCP risk scenario in which privileges in a compromised service can be used to further escalate privileges
GCP OAuth Token Hijacking in Google Cloud If an attacker compromises an engineer's workstation, they can easily steal and abuse cached credentials, even if MFA is enabled (Part 1, Part 2)
Attacking and defending the GCP metadata API This repo gives an overview of some GCP metadata API attack and defend patterns

GSuite

Link Notes
Hacking G Suite: The Power of Dark Apps Script Magic Utilizing Apps Script to exploit G Suite
Back to top