Hacking Google Cloud?

Published: 22 June 2023
on channel: LiveOverflow

124,446

4.7k

Every year Google celebrates the best security issues found in Google Cloud. This year we take a look at the 7 winners to see if we could have found these issues too. Will I regret not having hacked Google last year?

This video is sponsored by Google VRP:
Follow GoogleVRP Twitter:   / googlevrp

The GCP Prize Winners of 2022:
https://security.googleblog.com/2023/...

1. Prize - $133,337: Yuval Avrahami https://unit42.paloaltonetworks.com/g...
2. Prize - $73,331: Sivanesh Ashok and Sreeram KL https://blog.stazot.com/ssh-key-injec...
3. Prize - $31,337: Sivanesh Ashok and Sreeram KL https://blog.stazot.com/auth-bypass-i...
4. Prize - $31,311: Sreeram KL and Sivanesh Ashok https://blog.geekycat.in/client-side-...
5. Prize - $17,311: Yuval Avrahami and Shaul Ben Hai https://www.paloaltonetworks.com/reso... Talk:    • Trampoline Pods: Node to Admin PrivEs...
6. Prize - $13,373: Obmi https://obmiblog.blogspot.com/2022/12...
7. Prize - $13,337: Bugra Eskici https://bugra.ninja/posts/cloudshell-...

Previous Winners:
GPC Prize 2019:    • $100k Hacking Prize - Security Bugs i...
GPC Prize 2020:    • Hacking into Google's Network for $13...
GPC Prize 2021:    • Could I Hack into Google Cloud?

Chapters:
00:00 - Intro
01:28 - Python Command Injection (Prize 7)
03:01 - XSS, CSRF and NEL Backdoor (Prize 6)
07:04 - Excessive Permissions in k8s DaemonSets (Prize 5)
09:13 - SSRF auth Authorization Token (Prize 4)
10:46 - OAuth Issue (Prize 3)
12:07 - SSH authorized_key Injection (Prize 2)
14:45 - Kubernetes Engine Privilege Escalation (Prize 1)
18:11 - Discussing the Winner
19:25 - What did I learn from the GCP 2022?
20:51 - Outro

=[ ❤️ Support ]=

Get my handwritten font https://shop.liveoverflow.com (advertisement)
Checkout our courses on https://hextree.io (advertisement)

Support these videos: https://liveoverflow.com/support/

→ per Video:   / liveoverflow
→ per Month:    / @liveoverflow

2nd Channel:    / liveunderflow

=[ 🐕 Social ]=

→ Twitter:   / liveoverflow
→ Streaming: https://twitch.tvLiveOverflow/
→ TikTok:   / liveoverflow_
→ Instagram:   / liveoverflow
→ Blog: https://liveoverflow.com/
→ Subreddit:   / liveoverflow
→ Facebook:   / liveoverflow

Watch video Hacking Google Cloud? online without registration, duration hours minute second in high quality. This video was added by user LiveOverflow 22 June 2023, don't forget to share it with your friends and acquaintances, it has been viewed on our site 124,446 once and liked it 4.7 thousand people.

11,053