Hacking Google Cloud?
Рет қаралды 123,315
Күн бұрынEvery year Google celebrates the best security issues found in Google Cloud. This year we take a look at the 7 winners to see if we could have found these issues too. Will I regret not having hacked Google last year?
This video is sponsored by Google VRP:
Follow GoogleVRP Twitter: / googlevrp
The GCP Prize Winners of 2022:
security.googleblog.com/2023/...
1. Prize - $133,337: Yuval Avrahami unit42.paloaltonetworks.com/g...
2. Prize - $73,331: Sivanesh Ashok and Sreeram KL blog.stazot.com/ssh-key-injec...
3. Prize - $31,337: Sivanesh Ashok and Sreeram KL blog.stazot.com/auth-bypass-i...
4. Prize - $31,311: Sreeram KL and Sivanesh Ashok blog.geekycat.in/client-side-...
5. Prize - $17,311: Yuval Avrahami and Shaul Ben Hai www.paloaltonetworks.com/reso... Talk: • Trampoline Pods: Node ...
6. Prize - $13,373: Obmi obmiblog.blogspot.com/2022/12...
7. Prize - $13,337: Bugra Eskici bugra.ninja/posts/cloudshell-...
Previous Winners:
GPC Prize 2019: • $100k Hacking Prize - ...
GPC Prize 2020: • Hacking into Google's ...
GPC Prize 2021: • Could I Hack into Goog...
Chapters:
00:00 - Intro
01:28 - Python Command Injection (Prize 7)
03:01 - XSS, CSRF and NEL Backdoor (Prize 6)
07:04 - Excessive Permissions in k8s DaemonSets (Prize 5)
09:13 - SSRF auth Authorization Token (Prize 4)
10:46 - OAuth Issue (Prize 3)
12:07 - SSH authorized_key Injection (Prize 2)
14:45 - Kubernetes Engine Privilege Escalation (Prize 1)
18:11 - Discussing the Winner
19:25 - What did I learn from the GCP 2022?
20:51 - Outro
=[ ❤️ Support ]=
Get my handwritten font shop.liveoverflow.com (advertisement)
Checkout our courses on hextree.io (advertisement)
Support these videos: liveoverflow.com/support/
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
2nd Channel: / liveunderflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Streaming: twitch.tvLiveOverflow/
→ TikTok: / liveoverflow_
→ Instagram: / liveoverflow
→ Blog: liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow
@d3caii Жыл бұрын
"Yep, I regret not hacking xyz" is something I tell myself everytime i see a writeup on the internet for anything :(. If only there was a easy way to fix my laziness/procrastination
@Timm2003 Жыл бұрын
If u found a way pls let me know 😑
@Nunya58294 Жыл бұрын
It's called don't be an idiot.
@nabilrise1551 Жыл бұрын
isn't that our biggest enemy ... our own procrastination
@Maxjoker98 Жыл бұрын
Amphetamines. Cocaine. I'm kidding of course, these are at best short-term motivators. If you want to adopt a new behavior intentionally, one of the most important things is long-term motivation. You need to think "If only I did X, I'd be a little closer to goal Y", where Y is a goal that you can reach by continuously working on X.
@w花b Жыл бұрын
@@Maxjoker98Adderall, Xanax. I'm not kidding tho. Just kidding ha ha...!
@gagep.7017 Жыл бұрын
Its always funny seeing some of the vulnerabilities in these bugbounties are so simple its baffling. "ah that would never work its so simple those engineers probably have 20 checks on it" Hindsight 2020 i guess after the fact
@kyle8575 Жыл бұрын
Obviously outsiders can’t comment on the work environment, but if I had to guess it’s like this. 1) Google wants a new feature 2) Timeline is really short or engineers take their sweet time to procrastinate then rush it out 3) Lacks proper checks and review 4) Goes to production
@Golden2Talon Жыл бұрын
yeah i always hear what kind of amazing engineer you have to be to work at FAANG and I guess 100 PhDs will block everything I do.... then I see this
@jeffwells641 Жыл бұрын
I think it's more likely just the fact that they are always trying to improve, and therefore always changing. The more you change, the more likely it is someone will make a mistake or two systems will interact in a way that will open one or the other up to a vulnerability that was formerly not possible. That's why the Google Cloud hacking competition is brilliant - for about the cost of a single software engineer, Google gets thousands of talented individuals discovering weaknesses in their system, most of which a Google engineer can then fix in like 5 minutes.
@amunak_ Жыл бұрын
It's also just that there's just *so much code* and *so many people* that things slip through easily.
@MegaTomPL2 Жыл бұрын
its like puzzle
@logiciananimal Жыл бұрын
I think it is wonderful that Google is paying for third party research, made publicly available, not "just" bug hunting.
@mollthecoder 11 ай бұрын
It's better to pay a few thousand for a bug to be responsibly disclosed then it be used maliciously and potentially cause millions in damage
@test-rj2vl 11 ай бұрын
@@mollthecoder Yep, that is true. If they don't pay, someone else will.
@monad_tcp 10 ай бұрын
I don't think they are either bug hunting or doing user experience or anything on GCP because ITS AWFUL, that's why its cheaper than AWS or Azure
@monad_tcp 10 ай бұрын
@@mollthecoder " potentially cause millions in damage" is anything serious using GCP ?
@mathijsfrank9268 Жыл бұрын
It would be an interesting video idea if you film the process of finding an actual vulnerability in something like Google cloud (if you actually manage to find one). Which you can release once the party has had time to fix it. It would give a more real world example of how you go about finding vulnerabilities that isn't just capture the flag.
@expandingsalad786 Жыл бұрын
I don't remember which videos specifically, but I'm 99% sure he's done almost exactly this
@justind4615 Жыл бұрын
@@expandingsalad786 can you name me 1 video pls
@Maxjoker98 Жыл бұрын
I'm very surprised. At least 2 of these bugs could have been found by using a very basic bad-string library on the APIs arguments.
@ALZlper Жыл бұрын
As long as you see this fix as a swiss cheese slice
@ArthurSchoppenweghauer Жыл бұрын
Love how all of the prizes are variations on 1337.
@chill_melodies Жыл бұрын
all Google bounties have 1,3 and 7 always
@creatorofimages7925 Жыл бұрын
Was exposed to Kubernetes Clusters in my work. I think, there is still unbelievably many bugs, we have no idea of. The more complex your cluster the higher the chance, that there is a misconfiguration. The juciest ones being at egress and ingress nodes (apart from the master node). Builing up your patience for it might be very fruitful! ;) And thank you of course for you insanely valuable content!
@andrekz9138 Жыл бұрын
Finding bug bounties at this level is like panning for gold.
@andreibida Жыл бұрын
I don't know if it's just me, but these prizes seem absurdly low for what they're worth. And also considering software engineers at google get salaries in the range of hundreds of thousands per year, the reward is like what, a few weeks of pay for one of their employees? The first two prizes are more "worth", but even those are low compared to their value. It makes you wonder how many people find such exploits and instead of turning them in they'd rather sell them on the black market.
@LiveOverflow Жыл бұрын
This is just a bonus on top of the regular bounty reward ;)
@stewiegriffin6503 Жыл бұрын
@@LiveOverflow Yes, bonus to yearly 100 $
@AGryphonTamer Жыл бұрын
@@stewiegriffin6503 $100? Where did you get that number? Google paid an average of $11k per vulnerability of chrome. And they paid out 12 million this year. A few rewards even going for hundreds of thousands.
@NoNameAtAll2 Жыл бұрын
@@LiveOverflowhow big is "usual bouny reward"?
@AGryphonTamer Жыл бұрын
Google paid an average of $11k per vulnerability of chrome. With some going for hundreds of thousands. Even for software engineers that's not nothing. It's profitable people are building teams to find bugs, and Google paid out over 12 mill this year. Now let's say you're a skilled software engineer, and you find a vulnerability. Would you rather take your chances on the black market, where you'd be breaking the law, risk losing your job, getting arrested, and have no guarantee of getting paid, or get paid a not insubstantial (if not massive) amount 100% legally. I know what I'd pick.
@Zivd101 Жыл бұрын
Proud of Yuval's incredible work and findings 🙌
@RayfuzuLearning Жыл бұрын
This is so cool. I just recently discovered your channel and you are already in my top 3 favorites. You inspire me so much to keep learning new things and experimenting with new technologies.
@davidedias1922 Жыл бұрын
One clarification, don't use the phrase "PODs or containers" because first they are not the same thing, and for a bit of extra knowledge, PODs can have multi-containers inside of them. Love your work, keep it up!
@oblivion_2852 Жыл бұрын
True but normally people referring to the other containers in a pod will be referring to a sidecar or init container.
@omespino Жыл бұрын
Congratulations to all the winners!
@JGerard0 Жыл бұрын
I really enjoy watching your videos; they motivate me to keep studying.
@cemkaaidarov2415 Жыл бұрын
You are great as always, thanks!
@voluntad. Жыл бұрын
Really interesting, thanks for the upload.
@mugosquero Жыл бұрын
Good to see "Buğra" here, he's a teenager from Turkey, I saw his video on "Google Cloud OS Command injection" but didn't know he won the prize. Let the 'mdisec' community rise.
@bruteforce7746 Жыл бұрын
Thanks for this nice content. So surprised with Ssh key injection, is crazy.
@FMontanari709 Жыл бұрын
Daaaamn if a team can win 4th to 2nd place does it mean there could be a team that would win all 7 places? (I know it's next to impossible, but I wonder what would it take)
@coldfire6869 Жыл бұрын
Let's find out. When are you free?
@Freakinkat Жыл бұрын
It's not impossible
@Freakinkat Жыл бұрын
@@coldfire6869yeah you got the right attitude, In good at Social engineering :D
@w花b Жыл бұрын
Think bigger : a whole company.
@Freakinkat Жыл бұрын
@@w花b I'm dead ass serious, over here! I'm down AF! Y'all just lemme know what's up, we can link up then delete our post to ditch any evidence "Just in case there be lurker's" thank goodness for hiding in plain sight, it's a beautiful thing, truly it is.
@DiddleDangle Жыл бұрын
That's fucking genius with the image drag n drop.. good lord.
@SuperLlama88888 Жыл бұрын
Wow, great video! You should definitely try next year!
@ktktktktktktkt Жыл бұрын
The payout structure is a play on leet right? Didn't realize that was still a thing
@803titan Жыл бұрын
Hey man I love the work you do the breakdowns are incredible. Really loved the description of Sockpuppet and wondering if you’d do more with iOS/xnu. The FORCEDENTRY (Triangulation) vulnerability is very intriguing (zero click) and I’m still purposefully in the cross hairs on iOS 14.2. Would you please look into these CVE to see if there is a potential video for the channel and us viewers? RCE with no interaction from a user 😱
@nysdehm9966 Жыл бұрын
Great Ed Sheran teaching us about hackin
@anonded Жыл бұрын
"But, time issues can be solved with just, spending more time..." -LiveOverFlow @ 20:27
@TBadalov Жыл бұрын
I laughed a lot at every recap saying "We'll see if I regret" :D
@Paintballman251 Жыл бұрын
It’s so crazy hearing the theme tune for liveOverflow for ages and then realise it’s by Gunnar who I just saw with Puscifer! How crazy
@CheritPL Жыл бұрын
Sorry for offtop but...from the security researcher perspective, what do you think about passkey?
@Capiosus Жыл бұрын
Is the entire video an advertisement? because the text stays in the top right corner the entire time
@LiveOverflow Жыл бұрын
well the video was sponsored by Google. So I should probably clearly and transparently disclose that ;)
@navagationvrvideos7445 Жыл бұрын
Good video.
@Rune. Жыл бұрын
love how all the prize money is variations of 1337
@lPlanetarizado Жыл бұрын
i admit i tried the command shell last year but at the end i just didnt continue...damn....this year i proposed myself to learn more abour kernel windows, and stuff, but i think i must dedicate some time to google
@Schoko4craft Жыл бұрын
Can you make a video how dangerous extensions are (Browser, VSC)? I think its quite hard to find sources on that that are not like "its really dangerous" but yet everyone uses them.
@10FactsShow-10factshow Жыл бұрын
Hy I am from Pakistan and stuck in a question, I just want to know how x86-64 Architecture processor know what is the required privilege level of the instruction or what privilege required to execute fetched command or with what it should compares CPL when executing the command. I Hope you will understand my question and respond to architect security enthusiast like you. Thanks
@monad_tcp 10 ай бұрын
I might have found that last SSH problem by mistake when typing my username, but I was too busy to care.
@vygh1957 Жыл бұрын
What's up with the "Advertisement" hanging out at the top right corner for the entire duration of the video?
@AGryphonTamer Жыл бұрын
The entire video was paid for by Google, and google used it on their own page. So it kind of makes sense to declare it.
@jeromepalayoor Жыл бұрын
noice!
@NeoKailthas Жыл бұрын
I honestly think 100k is not enough for finding these bugs. consider how large google is.
@AGryphonTamer Жыл бұрын
This is just a bonus prize. Google paid 12 mill in bounties this year, Some going for hundreds of thousands.
@helbertgascon Жыл бұрын
Hello there fellow VRP Hall of Famers! 😅 Although I don't think they label us as HoF anymore though.
@SRG-Learn-Code Жыл бұрын
why to ssh in the browser?
@nocapstoast Жыл бұрын
LETSS GOO!
@attention_shopping Жыл бұрын
so gr8
@Rhidayah Жыл бұрын
We will see,, *5 years later:* We will see
@skifli Жыл бұрын
Why does the video say `advertisement` in the top all through the video?
@LiveOverflow Жыл бұрын
it's a sponsored video, so I want to transparently disclose this
@skifli Жыл бұрын
@@LiveOverflow Oh ok that makes sense, thanks.
@RandomKSandom Жыл бұрын
Kudos to Google for doing this, and for the researchers for participating
@manashalder1206 Жыл бұрын
This month I reported 2 bugs in Google products, both were Triaged, 1. P4 to P3 2. P2 . But they came with final result that, they want some serious impact on that..still working on those and one more I reported few days ago which sleep SQLI injection.. hope this one will get Triaged and will get my reward 😢 also had one bug which was Triaged, more than 2 months ago in Microsoft, they are taking so much time.
@stellabckw2033 11 ай бұрын
fell victim of one of those oauth thing a long time ago
@ste1747 Жыл бұрын
Organisations, developers should learn from google :)
@Popunkwillneverdie 7 ай бұрын
👋
@tg7943 Жыл бұрын
Push!
@itech7354 Жыл бұрын
Please make bypass biometric security
@poglin_or_smh Жыл бұрын
Plastic surgery
@kmcat Жыл бұрын
Finger print scanners are easy and sometimes messy
@Capiosus Жыл бұрын
gj u are first
@vincistradivarius7381 Жыл бұрын
Daemon set trampolines...
@dani33300 Жыл бұрын
Why is the 6th place prize money at 3:14 displayed as 13,373$ when it could have been much cooler as 13,337$?
@hansmuds6018 Жыл бұрын
Because 7th place was 13,337$ already
@dani33300 Жыл бұрын
@@hansmuds6018 True. Should have been 13333.37$ to avoid this issue.
@nick-pu4zae Жыл бұрын
i use it as a ide
@TheSkepticSkwerl Жыл бұрын
Google should write more code in rust. 😂
@Mitsunee_ Жыл бұрын
Google's product naming is so confusing. Is this Google Cloud as in Drive and Docs or Google Cloud as in GCP? And what is Google One and where did that suddenly come from??
@molinodealfonsoaceitesalfo5175 11 ай бұрын
Nowadays Baidu Servers
@CallousCoder Жыл бұрын
130k for god knows who much time, is a bad pay. A good security engineer who goes freelance will turn that over in a year, here in NL and D. And unlike bug bounties this income js a continuous income source.
@LiveOverflow Жыл бұрын
The winner did this work as an employee at paloaltonetworks. So this is just an extremely juicy bonus ;)
@CallousCoder Жыл бұрын
@@LiveOverflow then it’s nice yeah 😄Until Der Steuerambt drops by I heard that in Germany it’s also as bad as here in NL these days. With the governments basically stealing income from its citizens without proper representation. 😏
@AGryphonTamer Жыл бұрын
This is just a bonus prize. Google paid 12 mill in bounties this year, Some going for hundreds of thousands. So that top prize probably made them 800-900k.
@CallousCoder Жыл бұрын
@@AGryphonTamer my point is that it’s not a guaranteed income and also pays relatively poorly. You can hunt for months and only land 17k. Where’s of your are that good in security work and you do hire yourself out you’ll earn that guaranteed in a month. If you do it as a hobby next to your job it’s okay. But I’ve heard of kids trying to do this to pay for college. Than it’s a poor investment of your time.
@arg_mark Жыл бұрын
5:20 wtf. Literally.
@aswins7781 Жыл бұрын
Sreeram KL ♥
@AGryphonTamer Жыл бұрын
FYI These are just bonus prizes. Google pays hundreds of thousands for top bounties, this is just extra.
@TheStrandedAlliance Жыл бұрын
Leet bounties.
@nictibbetts Жыл бұрын
I work for big tech and I knowingly introduce zero day exploits.
@叵 Жыл бұрын
😱
@Mordinel Жыл бұрын
Feels weird seeing such high payouts for the kind of stuff I find at work on a weekly basis
@fr5229 Жыл бұрын
Doubt it
@Mordinel Жыл бұрын
@@fr5229 not the last one, not without a team. Most of these bugs are quite simple all things considered, very reminiscent of stuff I find at my day job.
@sudhanshurajbhar9635 Жыл бұрын
Finding the same bug at Google is a different thing than any random xyz target.
@Mordinel Жыл бұрын
@@sudhanshurajbhar9635 Did you even watch the video?
@NameName-rk6ov Жыл бұрын
Can you do a video on deleting Google drive. This guy I used to date keeps gaining access to my computer and phone and I can't get help bc he's an expert. The police literally don't do anything because they don't understand... Please post a video on this.
@bruteforce7746 Жыл бұрын
I was always wary of cloud console from the day i used it and keep telling myself how many bugs that would have. You know that weaknesses under the hood but nevertheless you use it because it is convenient and lazy. What socked me is how secure SLDC practices, pentests etc can not find such major holes
@rickmonarch4552 Жыл бұрын
why do pentesters have the most random accounts?
@nkazimulojudgement3583 Жыл бұрын
Anonymous
@rickmonarch4552 Жыл бұрын
@@nkazimulojudgement3583 why would white hat be anon
@motdde Жыл бұрын
Makes me wanna take out KCAD away from my resume.
@Freakinkat Жыл бұрын
I was SOOOO MF CLOSE!!! SOO FLIPPING CLOSE!!!!!!!!!! Meh :|
@LiveOverflow Жыл бұрын
Ohh what? Tell me more!
@siimtulev1759 Жыл бұрын
o.O
@LexiLominite Жыл бұрын
Honestly, I didnt understand so many things in this video. This gives me Imposter Syndrome. I should develop myself!
@LauriePrescott 5 ай бұрын
I dont know how i would owe $100
@clickbaitlover8590 Жыл бұрын
why are those prizes all weird numbers? lol
@tanmaypanadi1414 Жыл бұрын
Google likes thier 1, 3 and 7
@stewiegriffin6503 Жыл бұрын
regarding small rewards, I would rename the contest to "Google's annual intellectual prostitution awards".
@thetrends5670 Жыл бұрын
Thankfully, you didn't participate; otherwise, no one will have won.
@MikeHawk-xl4xd Жыл бұрын
let us hold a minute's silence for the 7 poor people who lost their jobs
@drewmcbride3027 11 ай бұрын
*Promo sm*
@methylamine5491 Жыл бұрын
Wanna get off google cloud.. Can you do a video explanation on how you can make the copy of your data that they send back to its original file type?
@Cracko298 Жыл бұрын
First
@ees4. Жыл бұрын
not
@ProPlayerkdjxus Жыл бұрын
Russian
@stewiegriffin6503 Жыл бұрын
That's the problem with IT today. People will do anything for few dollar or little bit fame. Real businessman would never give this info for free or cheap.
@Creator_JK Жыл бұрын
Sprichts du Deutsch...?
@BusinessWolf1 Жыл бұрын
that thumbnail is garbage, this videos was easily a 200k view one with a better thumbnail
@LiveOverflow Жыл бұрын
Make me one pls
@kim15742 Жыл бұрын
I am certain with his knowledge, LiveOverflow could get a job paying the equivalent of $133k. It seems he does not and chose a job that brings him more joy. I respect that
@Doninhas Жыл бұрын
How can you hate kubernetes. It's just awesome :D
@ROBOTRIX_eu Жыл бұрын
@vick7042 Жыл бұрын
So now Ed Sheeran is a tech expert?
@cybertache Жыл бұрын
I just got a motivation that if a google can have basic issues, i can find them too in hackerone programs. :( ultimately i struggle to focus because i just want a quick win :(
LiveOverflow
Рет қаралды 88 М.