Hacking Google Cloud?
Рет қаралды 122,911
Күн бұрынEvery year Google celebrates the best security issues found in Google Cloud. This year we take a look at the 7 winners to see if we could have found these issues too. Will I regret not having hacked Google last year?
This video is sponsored by Google VRP:
Follow GoogleVRP Twitter: / googlevrp
The GCP Prize Winners of 2022:
security.googleblog.com/2023/...
1. Prize - $133,337: Yuval Avrahami unit42.paloaltonetworks.com/g...
2. Prize - $73,331: Sivanesh Ashok and Sreeram KL blog.stazot.com/ssh-key-injec...
3. Prize - $31,337: Sivanesh Ashok and Sreeram KL blog.stazot.com/auth-bypass-i...
4. Prize - $31,311: Sreeram KL and Sivanesh Ashok blog.geekycat.in/client-side-...
5. Prize - $17,311: Yuval Avrahami and Shaul Ben Hai www.paloaltonetworks.com/reso... Talk: • Trampoline Pods: Node ...
6. Prize - $13,373: Obmi obmiblog.blogspot.com/2022/12...
7. Prize - $13,337: Bugra Eskici bugra.ninja/posts/cloudshell-...
Previous Winners:
GPC Prize 2019: • $100k Hacking Prize - ...
GPC Prize 2020: • Hacking into Google's ...
GPC Prize 2021: • Could I Hack into Goog...
Chapters:
00:00 - Intro
01:28 - Python Command Injection (Prize 7)
03:01 - XSS, CSRF and NEL Backdoor (Prize 6)
07:04 - Excessive Permissions in k8s DaemonSets (Prize 5)
09:13 - SSRF auth Authorization Token (Prize 4)
10:46 - OAuth Issue (Prize 3)
12:07 - SSH authorized_key Injection (Prize 2)
14:45 - Kubernetes Engine Privilege Escalation (Prize 1)
18:11 - Discussing the Winner
19:25 - What did I learn from the GCP 2022?
20:51 - Outro
=[ ❤️ Support ]=
Get my handwritten font shop.liveoverflow.com (advertisement)
Checkout our courses on hextree.io (advertisement)
Support these videos: liveoverflow.com/support/
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
2nd Channel: / liveunderflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Streaming: twitch.tvLiveOverflow/
→ TikTok: / liveoverflow_
→ Instagram: / liveoverflow
→ Blog: liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow
@d3caii 11 ай бұрын
"Yep, I regret not hacking xyz" is something I tell myself everytime i see a writeup on the internet for anything :(. If only there was a easy way to fix my laziness/procrastination
@Timm2003 11 ай бұрын
If u found a way pls let me know 😑
@Nunya58294 11 ай бұрын
It's called don't be an idiot.
@nabilrise1551 11 ай бұрын
isn't that our biggest enemy ... our own procrastination
@Maxjoker98 11 ай бұрын
Amphetamines. Cocaine. I'm kidding of course, these are at best short-term motivators. If you want to adopt a new behavior intentionally, one of the most important things is long-term motivation. You need to think "If only I did X, I'd be a little closer to goal Y", where Y is a goal that you can reach by continuously working on X.
@whannabi 11 ай бұрын
@@Maxjoker98Adderall, Xanax. I'm not kidding tho. Just kidding ha ha...!
@gagep.7017 11 ай бұрын
Its always funny seeing some of the vulnerabilities in these bugbounties are so simple its baffling. "ah that would never work its so simple those engineers probably have 20 checks on it" Hindsight 2020 i guess after the fact
@kyle8575 11 ай бұрын
Obviously outsiders can’t comment on the work environment, but if I had to guess it’s like this. 1) Google wants a new feature 2) Timeline is really short or engineers take their sweet time to procrastinate then rush it out 3) Lacks proper checks and review 4) Goes to production
@Golden2Talon 11 ай бұрын
yeah i always hear what kind of amazing engineer you have to be to work at FAANG and I guess 100 PhDs will block everything I do.... then I see this
@jeffwells641 11 ай бұрын
I think it's more likely just the fact that they are always trying to improve, and therefore always changing. The more you change, the more likely it is someone will make a mistake or two systems will interact in a way that will open one or the other up to a vulnerability that was formerly not possible. That's why the Google Cloud hacking competition is brilliant - for about the cost of a single software engineer, Google gets thousands of talented individuals discovering weaknesses in their system, most of which a Google engineer can then fix in like 5 minutes.
@amunak_ 11 ай бұрын
It's also just that there's just *so much code* and *so many people* that things slip through easily.
@MegaTomPL2 11 ай бұрын
its like puzzle
@logiciananimal 11 ай бұрын
I think it is wonderful that Google is paying for third party research, made publicly available, not "just" bug hunting.
@mollthecoder 10 ай бұрын
It's better to pay a few thousand for a bug to be responsibly disclosed then it be used maliciously and potentially cause millions in damage
@test-rj2vl 10 ай бұрын
@@mollthecoder Yep, that is true. If they don't pay, someone else will.
@monad_tcp 9 ай бұрын
I don't think they are either bug hunting or doing user experience or anything on GCP because ITS AWFUL, that's why its cheaper than AWS or Azure
@monad_tcp 9 ай бұрын
@@mollthecoder " potentially cause millions in damage" is anything serious using GCP ?
@Maxjoker98 11 ай бұрын
I'm very surprised. At least 2 of these bugs could have been found by using a very basic bad-string library on the APIs arguments.
@ALZlper 11 ай бұрын
As long as you see this fix as a swiss cheese slice
@ArthurSchoppenweghauer 11 ай бұрын
Love how all of the prizes are variations on 1337.
@chill_melodies 11 ай бұрын
all Google bounties have 1,3 and 7 always
@mathijsfrank9268 11 ай бұрын
It would be an interesting video idea if you film the process of finding an actual vulnerability in something like Google cloud (if you actually manage to find one). Which you can release once the party has had time to fix it. It would give a more real world example of how you go about finding vulnerabilities that isn't just capture the flag.
@expandingsalad786 11 ай бұрын
I don't remember which videos specifically, but I'm 99% sure he's done almost exactly this
@justind4615 11 ай бұрын
@@expandingsalad786 can you name me 1 video pls
@andrekz9138 11 ай бұрын
Finding bug bounties at this level is like panning for gold.
@creatorofimages7925 11 ай бұрын
Was exposed to Kubernetes Clusters in my work. I think, there is still unbelievably many bugs, we have no idea of. The more complex your cluster the higher the chance, that there is a misconfiguration. The juciest ones being at egress and ingress nodes (apart from the master node). Builing up your patience for it might be very fruitful! ;) And thank you of course for you insanely valuable content!
@Zivd101 11 ай бұрын
Proud of Yuval's incredible work and findings 🙌
@andreibida 11 ай бұрын
I don't know if it's just me, but these prizes seem absurdly low for what they're worth. And also considering software engineers at google get salaries in the range of hundreds of thousands per year, the reward is like what, a few weeks of pay for one of their employees? The first two prizes are more "worth", but even those are low compared to their value. It makes you wonder how many people find such exploits and instead of turning them in they'd rather sell them on the black market.
@LiveOverflow 11 ай бұрын
This is just a bonus on top of the regular bounty reward ;)
@stewiegriffin6503 11 ай бұрын
@@LiveOverflow Yes, bonus to yearly 100 $
@AGryphonTamer 11 ай бұрын
@@stewiegriffin6503 $100? Where did you get that number? Google paid an average of $11k per vulnerability of chrome. And they paid out 12 million this year. A few rewards even going for hundreds of thousands.
@NoNameAtAll2 11 ай бұрын
@@LiveOverflowhow big is "usual bouny reward"?
@AGryphonTamer 11 ай бұрын
Google paid an average of $11k per vulnerability of chrome. With some going for hundreds of thousands. Even for software engineers that's not nothing. It's profitable people are building teams to find bugs, and Google paid out over 12 mill this year. Now let's say you're a skilled software engineer, and you find a vulnerability. Would you rather take your chances on the black market, where you'd be breaking the law, risk losing your job, getting arrested, and have no guarantee of getting paid, or get paid a not insubstantial (if not massive) amount 100% legally. I know what I'd pick.
@RayfuzuLearning 11 ай бұрын
This is so cool. I just recently discovered your channel and you are already in my top 3 favorites. You inspire me so much to keep learning new things and experimenting with new technologies.
@davidedias1922 11 ай бұрын
One clarification, don't use the phrase "PODs or containers" because first they are not the same thing, and for a bit of extra knowledge, PODs can have multi-containers inside of them. Love your work, keep it up!
@oblivion_2852 11 ай бұрын
True but normally people referring to the other containers in a pod will be referring to a sidecar or init container.
@JGerard0 11 ай бұрын
I really enjoy watching your videos; they motivate me to keep studying.
@omespino 11 ай бұрын
Congratulations to all the winners!
@ktktktktktktkt 11 ай бұрын
The payout structure is a play on leet right? Didn't realize that was still a thing
@SuperLlama88888 11 ай бұрын
Wow, great video! You should definitely try next year!
@nysdehm9966 11 ай бұрын
Great Ed Sheran teaching us about hackin
@voluntad. 11 ай бұрын
Really interesting, thanks for the upload.
@bruteforce7746 11 ай бұрын
Thanks for this nice content. So surprised with Ssh key injection, is crazy.
@FMontanari709 11 ай бұрын
Daaaamn if a team can win 4th to 2nd place does it mean there could be a team that would win all 7 places? (I know it's next to impossible, but I wonder what would it take)
@coldfire6869 11 ай бұрын
Let's find out. When are you free?
@Freakinkat 11 ай бұрын
It's not impossible
@Freakinkat 11 ай бұрын
@@coldfire6869yeah you got the right attitude, In good at Social engineering :D
@whannabi 11 ай бұрын
Think bigger : a whole company.
@Freakinkat 11 ай бұрын
@@whannabi I'm dead ass serious, over here! I'm down AF! Y'all just lemme know what's up, we can link up then delete our post to ditch any evidence "Just in case there be lurker's" thank goodness for hiding in plain sight, it's a beautiful thing, truly it is.
@cemkaaidarov2415 11 ай бұрын
You are great as always, thanks!
@803titan 11 ай бұрын
Hey man I love the work you do the breakdowns are incredible. Really loved the description of Sockpuppet and wondering if you’d do more with iOS/xnu. The FORCEDENTRY (Triangulation) vulnerability is very intriguing (zero click) and I’m still purposefully in the cross hairs on iOS 14.2. Would you please look into these CVE to see if there is a potential video for the channel and us viewers? RCE with no interaction from a user 😱
@Paintballman251 11 ай бұрын
It’s so crazy hearing the theme tune for liveOverflow for ages and then realise it’s by Gunnar who I just saw with Puscifer! How crazy
@anonded 11 ай бұрын
"But, time issues can be solved with just, spending more time..." -LiveOverFlow @ 20:27
@CheritPL 11 ай бұрын
Sorry for offtop but...from the security researcher perspective, what do you think about passkey?
@TBadalov 11 ай бұрын
I laughed a lot at every recap saying "We'll see if I regret" :D
@DiddleDangle 11 ай бұрын
That's fucking genius with the image drag n drop.. good lord.
@Rune. 11 ай бұрын
love how all the prize money is variations of 1337
@Capiosus 11 ай бұрын
Is the entire video an advertisement? because the text stays in the top right corner the entire time
@LiveOverflow 11 ай бұрын
well the video was sponsored by Google. So I should probably clearly and transparently disclose that ;)
@Schoko4craft 11 ай бұрын
Can you make a video how dangerous extensions are (Browser, VSC)? I think its quite hard to find sources on that that are not like "its really dangerous" but yet everyone uses them.
@navagationvrvideos7445 11 ай бұрын
Good video.
@mugosquero 11 ай бұрын
Good to see "Buğra" here, he's a teenager from Turkey, I saw his video on "Google Cloud OS Command injection" but didn't know he won the prize. Let the 'mdisec' community rise.
@10FactsShow-10factshow 11 ай бұрын
Hy I am from Pakistan and stuck in a question, I just want to know how x86-64 Architecture processor know what is the required privilege level of the instruction or what privilege required to execute fetched command or with what it should compares CPL when executing the command. I Hope you will understand my question and respond to architect security enthusiast like you. Thanks
@lPlanetarizado 11 ай бұрын
i admit i tried the command shell last year but at the end i just didnt continue...damn....this year i proposed myself to learn more abour kernel windows, and stuff, but i think i must dedicate some time to google
@vygh1957 11 ай бұрын
What's up with the "Advertisement" hanging out at the top right corner for the entire duration of the video?
@AGryphonTamer 11 ай бұрын
The entire video was paid for by Google, and google used it on their own page. So it kind of makes sense to declare it.
@jeromepalayoor 11 ай бұрын
noice!
@monad_tcp 9 ай бұрын
I might have found that last SSH problem by mistake when typing my username, but I was too busy to care.
@SRG-Learn-Code 11 ай бұрын
why to ssh in the browser?
@attention_shopping 11 ай бұрын
so gr8
@Rhidayah 11 ай бұрын
We will see,, *5 years later:* We will see
@NeoKailthas 11 ай бұрын
I honestly think 100k is not enough for finding these bugs. consider how large google is.
@AGryphonTamer 11 ай бұрын
This is just a bonus prize. Google paid 12 mill in bounties this year, Some going for hundreds of thousands.
@tg7943 11 ай бұрын
Push!
@skifli 11 ай бұрын
Why does the video say `advertisement` in the top all through the video?
@LiveOverflow 11 ай бұрын
it's a sponsored video, so I want to transparently disclose this
@skifli 11 ай бұрын
@@LiveOverflow Oh ok that makes sense, thanks.
@helbertgascon 11 ай бұрын
Hello there fellow VRP Hall of Famers! 😅 Although I don't think they label us as HoF anymore though.
@RandomKSandom 11 ай бұрын
Kudos to Google for doing this, and for the researchers for participating
@nocapstoast 11 ай бұрын
LETSS GOO!
@Popunkwillneverdie 6 ай бұрын
👋
@nick-pu4zae 11 ай бұрын
i use it as a ide
@ste1747 11 ай бұрын
Organisations, developers should learn from google :)
@Mitsunee_ 11 ай бұрын
Google's product naming is so confusing. Is this Google Cloud as in Drive and Docs or Google Cloud as in GCP? And what is Google One and where did that suddenly come from??
@molinodealfonsoaceitesalfo5175 10 ай бұрын
Nowadays Baidu Servers
@vincistradivarius7381 11 ай бұрын
Daemon set trampolines...
@dani33300 11 ай бұрын
Why is the 6th place prize money at 3:14 displayed as 13,373$ when it could have been much cooler as 13,337$?
@hansmuds6018 11 ай бұрын
Because 7th place was 13,337$ already
@dani33300 11 ай бұрын
@@hansmuds6018 True. Should have been 13333.37$ to avoid this issue.
@aswins7781 11 ай бұрын
Sreeram KL ♥
@stellabckw2033 10 ай бұрын
fell victim of one of those oauth thing a long time ago
@itech7354 11 ай бұрын
Please make bypass biometric security
@poglin_or_smh 11 ай бұрын
Plastic surgery
@kmcat 11 ай бұрын
Finger print scanners are easy and sometimes messy
@Capiosus 11 ай бұрын
gj u are first
@manashalder1206 11 ай бұрын
This month I reported 2 bugs in Google products, both were Triaged, 1. P4 to P3 2. P2 . But they came with final result that, they want some serious impact on that..still working on those and one more I reported few days ago which sleep SQLI injection.. hope this one will get Triaged and will get my reward 😢 also had one bug which was Triaged, more than 2 months ago in Microsoft, they are taking so much time.
@TheStrandedAlliance 11 ай бұрын
Leet bounties.
@TheSkepticSkwerl 11 ай бұрын
Google should write more code in rust. 😂
@arg_mark 11 ай бұрын
5:20 wtf. Literally.
@bruteforce7746 11 ай бұрын
I was always wary of cloud console from the day i used it and keep telling myself how many bugs that would have. You know that weaknesses under the hood but nevertheless you use it because it is convenient and lazy. What socked me is how secure SLDC practices, pentests etc can not find such major holes
@rickmonarch4552 11 ай бұрын
why do pentesters have the most random accounts?
@nkazimulojudgement3583 11 ай бұрын
Anonymous
@rickmonarch4552 11 ай бұрын
@@nkazimulojudgement3583 why would white hat be anon
@CallousCoder 11 ай бұрын
130k for god knows who much time, is a bad pay. A good security engineer who goes freelance will turn that over in a year, here in NL and D. And unlike bug bounties this income js a continuous income source.
@LiveOverflow 11 ай бұрын
The winner did this work as an employee at paloaltonetworks. So this is just an extremely juicy bonus ;)
@CallousCoder 11 ай бұрын
@@LiveOverflow then it’s nice yeah 😄Until Der Steuerambt drops by I heard that in Germany it’s also as bad as here in NL these days. With the governments basically stealing income from its citizens without proper representation. 😏
@AGryphonTamer 11 ай бұрын
This is just a bonus prize. Google paid 12 mill in bounties this year, Some going for hundreds of thousands. So that top prize probably made them 800-900k.
@CallousCoder 11 ай бұрын
@@AGryphonTamer my point is that it’s not a guaranteed income and also pays relatively poorly. You can hunt for months and only land 17k. Where’s of your are that good in security work and you do hire yourself out you’ll earn that guaranteed in a month. If you do it as a hobby next to your job it’s okay. But I’ve heard of kids trying to do this to pay for college. Than it’s a poor investment of your time.
@AGryphonTamer 11 ай бұрын
FYI These are just bonus prizes. Google pays hundreds of thousands for top bounties, this is just extra.
@NameName-rk6ov 11 ай бұрын
Can you do a video on deleting Google drive. This guy I used to date keeps gaining access to my computer and phone and I can't get help bc he's an expert. The police literally don't do anything because they don't understand... Please post a video on this.
@motdde 11 ай бұрын
Makes me wanna take out KCAD away from my resume.
@Freakinkat 11 ай бұрын
I was SOOOO MF CLOSE!!! SOO FLIPPING CLOSE!!!!!!!!!! Meh :|
@LiveOverflow 11 ай бұрын
Ohh what? Tell me more!
@siimtulev1759 11 ай бұрын
o.O
@Mordinel 11 ай бұрын
Feels weird seeing such high payouts for the kind of stuff I find at work on a weekly basis
@fr5229 11 ай бұрын
Doubt it
@Mordinel 11 ай бұрын
@@fr5229 not the last one, not without a team. Most of these bugs are quite simple all things considered, very reminiscent of stuff I find at my day job.
@sudhanshurajbhar9635 11 ай бұрын
Finding the same bug at Google is a different thing than any random xyz target.
@Mordinel 11 ай бұрын
@@sudhanshurajbhar9635 Did you even watch the video?
@LexiLominite 11 ай бұрын
Honestly, I didnt understand so many things in this video. This gives me Imposter Syndrome. I should develop myself!
@nictibbetts 11 ай бұрын
I work for big tech and I knowingly introduce zero day exploits.
@universaltoons 11 ай бұрын
😱
@LauriePrescott 4 ай бұрын
I dont know how i would owe $100
@clickbaitlover8590 11 ай бұрын
why are those prizes all weird numbers? lol
@tanmaypanadi1414 11 ай бұрын
Google likes thier 1, 3 and 7
@stewiegriffin6503 11 ай бұрын
regarding small rewards, I would rename the contest to "Google's annual intellectual prostitution awards".
@MikeHawk-xl4xd 11 ай бұрын
let us hold a minute's silence for the 7 poor people who lost their jobs
@drewmcbride3027 11 ай бұрын
*Promo sm*
@thetrends5670 11 ай бұрын
Thankfully, you didn't participate; otherwise, no one will have won.
@methylamine5491 11 ай бұрын
Wanna get off google cloud.. Can you do a video explanation on how you can make the copy of your data that they send back to its original file type?
@Cracko298 11 ай бұрын
First
@ees4. 11 ай бұрын
not
@ProPlayerkdjxus 11 ай бұрын
Russian
@stewiegriffin6503 11 ай бұрын
That's the problem with IT today. People will do anything for few dollar or little bit fame. Real businessman would never give this info for free or cheap.
@Creator_JK 11 ай бұрын
Sprichts du Deutsch...?
@BusinessWolf1 11 ай бұрын
that thumbnail is garbage, this videos was easily a 200k view one with a better thumbnail
@LiveOverflow 11 ай бұрын
Make me one pls
@kim15742 11 ай бұрын
I am certain with his knowledge, LiveOverflow could get a job paying the equivalent of $133k. It seems he does not and chose a job that brings him more joy. I respect that
@Doninhas 11 ай бұрын
How can you hate kubernetes. It's just awesome :D
@ROBOTRIX_eu 11 ай бұрын
@vick7042 11 ай бұрын
So now Ed Sheeran is a tech expert?
@cybertache 11 ай бұрын
I just got a motivation that if a google can have basic issues, i can find them too in hackerone programs. :( ultimately i struggle to focus because i just want a quick win :(
LiveOverflow
Рет қаралды 88 М.
BSides Prishtina
Рет қаралды 187 М.