Posted by admin

Every year Google celebrates the best security issues found in Google Cloud. This year we take a look at the 7 winners to see if we could have found these issues too. Will I regret not having hacked Google last year? This video is sponsored by Google VRP: Follow GoogleVRP Twitter: https://twitter.com/GoogleVRP The GCP Prize Winners of 2022: https://security.googleblog.com/2023/06/google-cloud-awards-313337-in-2022-vrp.html 1. Prize - $133,337: Yuval Avrahami https://unit42.paloaltonetworks.com/gke-autopilot-vulnerabilities/ 2. Prize - $73,331: Sivanesh Ashok and Sreeram KL https://blog.stazot.com/ssh-key-injection-google-cloud/ 3. Prize - $31,337: Sivanesh Ashok and Sreeram KL https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/ 4. Prize - $31,311: Sreeram KL and Sivanesh Ashok https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/ 5. Prize - $17,311: Yuval Avrahami and Shaul Ben Hai https://www.paloaltonetworks.com/resources/whitepapers/kubernetes-privilege-escalation-excessive-permissions-in-popular-platforms Talk: https://www.youtube.com/watch?v=PGsJ4QTlKlQ 6. Prize - $13,373: Obmi https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html 7. Prize - $13,337: Bugra Eskici https://bugra.ninja/posts/cloudshell-command-injection/ Previous Winners: GPC Prize 2019: https://www.youtube.com/watch?v=J2icGMocQds GPC Prize 2020: https://www.youtube.com/watch?v=g-JgA1hvJzA GPC Prize 2021: https://www.youtube.com/watch?v=GvO2Xtx8p9w Chapters: 00:00 - Intro 01:28 - Python Command Injection (Prize 7) 03:01 - XSS, CSRF and NEL Backdoor (Prize 6) 07:04 - Excessive Permissions in k8s DaemonSets (Prize 5) 09:13 - SSRF auth Authorization Token (Prize 4) 10:46 - OAuth Issue (Prize 3) 12:07 - SSH authorized_key Injection (Prize 2) 14:45 - Kubernetes Engine Privilege Escalation (Prize 1) 18:11 - Discussing the Winner 19:25 - What did I learn from the GCP 2022? 20:51 - Outro =[ \u2764\ufe0f Support ]= Get my handwritten font https://shop.liveoverflow.com (advertisement) Checkout our courses on https://hextree.io (advertisement) Support these videos: https://liveoverflow.com/support/ \u2192 per Video: https://www.patreon.com/join/liveoverflow \u2192 per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join 2nd Channel: https://www.youtube.com/LiveUnderflow =[ \ud83d\udc15 Social ]= \u2192 Twitter: https://twitter.com/LiveOverflow/ \u2192 Streaming: https://twitch.tvLiveOverflow/ \u2192 TikTok: https://www.tiktok.com/@liveoverflow_ \u2192 Instagram: https://instagram.com/LiveOverflow/ \u2192 Blog: https://liveoverflow.com/ \u2192 Subreddit: https://www.reddit.com/r/LiveOverflow/ \u2192 Facebook: https://www.facebook.com/LiveOverflow/