Initial Access

Getting the initial foothold in organization’s google cloud environment:

Exploiting Web App

- Compute Engine

- Cloud Function

- App Engine

- Kubernetes

Valid Credential

- Password Spray

gsprayer: https://github.com/y0k4i-1337/gsprayer

gSuite_Spray.py: https://github.com/jnqpblc/Misc-Python/blob/master/gSuite_Spray.py

- Phishing, AiTM, Illicit Consent Grant Attack, …

Leaked Credential

- OSINT (SVN, Dark Web, etc.)

Compromise User System

- Gcloud credential

- Application Default Credential

PreviousBasic InfoNextEnumeration

Last updated