Could I Hack into Google Cloud?

Video Link: https://www.youtube.com/watch?v=GvO2Xtx8p9w



Duration: 24:55
126,038 views


Google announced the Google Cloud Platform (GCP) Prize 2021 - $133,337 for the best bug bounty report for the Google Cloud Platform. Reading writeups is important to stay up to date and learn about different attacks. In this video I go over the 6 winners and share my thoughts.

This video is sponsored by Google.

The announcement: https://security.googleblog.com/2022/06/announcing-winners-of-2021-gcp-vrp-prize.html

Winning submissions:
#1 https://www.seblu.de/2021/12/iap-bypass.html ($133,337)
#2 https://github.com/irsl/gcp-dhcp-takeover-code-exec ($73,331)
#3 https://mbrancato.github.io/2021/12/28/rce-dataflow.html ($73,331)
#4 https://irsl.medium.com/the-speckle-umbrella-story-part-2-fcc0193614ea ($31,337)
#5 https://lf.lc/vrp/203177829 ($1001)
#6 https://docs.google.com/document/d/1-TTCS6fS6kvFUkoJmX4Udr-czQ79lSUVXiWsiAED_bs ($1000)

GCP Prize 2020: https://www.youtube.com/watch?v=g-JgA1hvJzA
GCP Prize 2019: https://www.youtube.com/watch?v=J2icGMocQds

Google Paid Me to Talk About a Security Issue! https://www.youtube.com/watch?v=E-P9USG6kLs
Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046 https://www.youtube.com/watch?v=kvREvOvSWt4

----

00:00 - Intro GCP Prize 2021
01:05 - 6. "Command Injection in Google Cloud Shell" by Ademar Nowasky Junior
03:36 - 5. "Remote code execution in Managed Anthos Service Mesh control plane" by Anthony Weems
08:31 - 4. "The Speckle Umbrella story — part 2" by Imre Rad
11:33 - 3. "Remote Code Execution in Google Cloud Dataflow" by Mike Brancato
15:47 - 2. "Google Compute Engine VM takeover via DHCP flood" by Imre Rad
20:12 - 1. "Bypassing Identity-Aware Proxy" by Sebastian Lutz
22:42 - Summary and Conclusion
23:58 - Outro
