127,698 views
Google announced the Google Cloud Platform (GCP) Prize 2021 - $133,337 for the best bug bounty report for the Google Cloud Platform. Reading writeups is important to stay up to date and learn about different attacks. In this video I go over the 6 winners and share my thoughts.
This video is sponsored by Google.
The announcement: security.googleblog.com/2022/...
Winning submissions:
#1 www.seblu.de/2021/12/iap-bypa... ($133,337)
#2 github.com/irsl/gcp-dhcp-take... ($73,331)
#3 mbrancato.github.io/2021/12/2... ($73,331)
#4 / the-speckle-umbrella-s... ($31,337)
#5 lf.lc/vrp/203177829 ($1001)
#6 docs.google.com/document/d/1-... ($1000)
GCP Prize 2020: • Hacking into Google's ...
GCP Prize 2019: • $100k Hacking Prize - ...
Google Paid Me to Talk About a Security Issue! • Google Paid Me to Talk...
Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046 • Fuzzing Java to Find L...
----
00:00 - Intro GCP Prize 2021
01:05 - 6. "Command Injection in Google Cloud Shell" by Ademar Nowasky Junior
03:36 - 5. "Remote code execution in Managed Anthos Service Mesh control plane" by Anthony Weems
08:31 - 4. "The Speckle Umbrella story - part 2" by Imre Rad
11:33 - 3. "Remote Code Execution in Google Cloud Dataflow" by Mike Brancato
15:47 - 2. "Google Compute Engine VM takeover via DHCP flood" by Imre Rad
20:12 - 1. "Bypassing Identity-Aware Proxy" by Sebastian Lutz
22:42 - Summary and Conclusion
23:58 - Outro