Security engineer Dylan Ayrey and Cruise senior infrastructure security engineer Allison Donovan describe fundamental weaknesses in GCP identity management that enable privilege escalation and lateral movement.
Filmed for the Dark Reading News Desk at Black Hat Virtual. Excerpts below.
DYLAN AYREY: The [Google Cloud Platform] ActAs permission is a permission that can be used to attach an identity to a resource that you’ve provisioned. So it can be used by an attacker because if one identity that an attacker has control over can itself attach other identities to resources that the attacker would [then] have full control over, then they can use that to elevate their permissions. ...
ALLISON DONOVAN: There are a few different cool ways to mitigate these problems from the start to try to take a proactive approach to securing your [identity and access management] around your resources in GCP. One really cool mitigation that we were working with GCP on … providing platform-level configurations that enabled you to remove IAM permissions from some of the default identities that are created in GCP – specifically the Compute Engine service account and the App Engine service accounts.
Related content:
Read more about:
Black Hat NewsAbout the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024