One port to serve them all - Google GCP cloud shell abuse

Tuesday 26 November, 11:35 am - 12:15 pm

Speakers

Hubert Lin

Sr. Staff Researcher
Netskope

Synopsis

The Cloud Shell feature from cloud service providers offers a convenient way to access resources within the cloud, significantly improving the user experience for administrators and developers. However, even though the instance has a short lifespan, granting excessive permissions could pose security risks. This talk reveals an abuse methodology that leverages a public-facing port in GCP Cloud Shell. By manipulating Netfilter's NAT table, it exposes various services running internally within the Cloud Shell container, such as HTTP, SOCKS, and SSH, to the public. Adversaries could exploit this configuration to bypass Google authentication in the Web Preview feature to leak data, deliver malicious content, or pivot attacks through the Google network.

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.
