This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
GCP Lateral Movement and Privileged Escalation Spill Over and Updates from Google
Since giving our Blackhat talk on lateral movement and privilege escalation in GCP Google has announced a few changes. They've released a new blog post that talks about some suggested customer mitigations, as well as roll out a new org policy to prevent privilege escalation in certain roles. I'll do a recap of our Blackhat talk, cover some spill over material we didn't have time to cover, like privilege escalating remote build execution, and generally talk through the updates from Google and how they impact the original attacks we covered.
Dylan Ayrey is a Security Engineer. He has been heavily involved in the open source community for a few years, and he has been doing his best to bring security practices into the cloud/devsecops world.