Skip to content

Writeups

GCP

Link Notes
Privilege Escalation in Google Cloud Platform Source for privilege escalation techniques
GCP Service Account-based Privilege Escalation paths The Praetorian team uncovered a GCP risk scenario in which privileges in a compromised service can be used to further escalate privileges
GCP OAuth Token Hijacking in Google Cloud If an attacker compromises an engineer's workstation, they can easily steal and abuse cached credentials, even if MFA is enabled (Part 1, Part 2)
Attacking and defending the GCP metadata API This repo gives an overview of some GCP metadata API attack and defend patterns
Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments Deep-dive into manual post-exploitation tactics and techniques for GCP

GSuite

Link Notes
Hacking G Suite: The Power of Dark Apps Script Magic Utilizing Apps Script to exploit G Suite