


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Privilege Escalation in GCP - A Transitive Path

  • Wednesday, May 13, 2020 at 10:30 AM EDT (2020-05-13 14:30:00 UTC)
  • Kat Traxler


Overview

The power of Impersonation is a deeply rooted concept in GCP and GKE. The ability for one member to Impersonate another is a foundational capability; it will and should be leveraged as your cloud maturity grows. But how does your Organization securely enable Impersonation without leaving behind a 'Happy Path' for Attackers?

In this talk I will show you how an attacker could abuse permissions with Transitive properties to escalate their permissions in GCP starting from initial compromise to Project Admin. I'll also talk about some 'Red Flag' permissions fueling privilege escalation and how to securely handle when there is a use case for them.

Speaker Bio

Kat Traxler

Kat Traxler is a Security Professional in the Twin Cities performing penetration testing, security architecture and research in the areas of Web Security, IAM, Payment Technologies and Cloud Native Technologies. She has been a proud SANS facilitator since 2016 and currently holds GIAC-GSEC, GIAC-GCWN and GIAC-GDAT certifications. Kat Traxler is obsessed with the attack surface at the confluence of Identity and Cloud Platform APIs and thinks you should be too.
