Hacking Google Cloud?
878K subscribers
122,298 views

Published on Jun 22, 2023

Every year Google celebrates the best security issues found in Google Cloud. This year we take a look at the 7 winners to see if we could have found these issues too. Will I regret not having hacked Google last year?

This video is sponsored by Google VRP:
Follow GoogleVRP Twitter:   / googlevrp  

The GCP Prize Winners of 2022:
https://security.googleblog.com/2023/...

1. Prize - $133,337: Yuval Avrahami https://unit42.paloaltonetworks.com/g...
2. Prize - $73,331: Sivanesh Ashok and Sreeram KL https://blog.stazot.com/ssh-key-injec...
3. Prize - $31,337: Sivanesh Ashok and Sreeram KL https://blog.stazot.com/auth-bypass-i...
4. Prize - $31,311: Sreeram KL and Sivanesh Ashok https://blog.geekycat.in/client-side-...
5. Prize - $17,311: Yuval Avrahami and Shaul Ben Hai https://www.paloaltonetworks.com/reso... Talk:    • Trampoline Pods: Node to Admin PrivEs...  
6. Prize - $13,373: Obmi https://obmiblog.blogspot.com/2022/12...
7. Prize - $13,337: Bugra Eskici https://bugra.ninja/posts/cloudshell-...

Previous Winners:
GCP Prize 2019:    • $100k Hacking Prize - Security Bugs i...  
GCP Prize 2020:    • Hacking into Google's Network for $13...  
GCP Prize 2021:    • Could I Hack into Google Cloud?  

Chapters:
00:00 - Intro
01:28 - Python Command Injection (Prize 7)
03:01 - XSS, CSRF and NEL Backdoor (Prize 6)
07:04 - Excessive Permissions in k8s DaemonSets (Prize 5)
09:13 - SSRF auth Authorization Token (Prize 4)
10:46 - OAuth Issue (Prize 3)
12:07 - SSH authorized_key Injection (Prize 2)
14:45 - Kubernetes Engine Privilege Escalation (Prize 1)
18:11 - Discussing the Winner
19:25 - What did I learn from the GCP 2022?
20:51 - Outro

=[ ❤️ Support ]=

Get my handwritten font https://shop.liveoverflow.com (advertisement)
Check out our courses on https://hextree.io (advertisement)

Support these videos: https://liveoverflow.com/support/

→ per Video:   / liveoverflow  
→ per Month:    / @liveoverflow  

2nd Channel:    / liveunderflow  

=[ 🐕 Social ]=

→ Twitter:   / liveoverflow  
→ Streaming: https://twitch.tv/LiveOverflow/
→ TikTok:   / liveoverflow_  
→ Instagram:   / liveoverflow  
→ Blog: https://liveoverflow.com/
→ Subreddit:   / liveoverflow  
→ Facebook:   / liveoverflow  
