Could I Hack into Google Cloud?

Duration: 24:55

2022-06-03

5.86K views, 5.18K likes

Channel: LiveOverflow

Google announced the Google Cloud Platform (GCP) Prize 2021 - 133.337$ for the best bug bounty report for the Google Cloud Platform. Reading writeups is important to stay up to date and learn about different attacks. In this video I go over the 6 winners and share my thoughts.

This video is sponsored by Google.

The announcement: https://security.googleblog.com/2022/06/announcing-winners-of-2021-gcp-vrp-prize.html

Winning submissions:

#1 https://www.seblu.de/2021/12/iap-bypass.html ($133,337)

#2 https://github.com/irsl/gcp-dhcp-takeover-code-exec ($73,331)

#3 https://mbrancato.github.io/2021/12/28/rce-dataflow.html ($73,331)

#4 https://irsl.medium.com/the-speckle-umbrella-story-part-2-fcc0193614ea ($31,337)

#5 https://lf.lc/vrp/203177829 ($1001)

#6 https://docs.google.com/document/d/1-TTCS6fS6kvFUkoJmX4Udr-czQ79lSUVXiWsiAED_bs ($1000)

GCP Prize 2020: /youtube/video/g-JgA1hvJzA

GCP Prize 2019: /youtube/video/J2icGMocQds

Google Paid Me to Talk About a Security Issue! /youtube/video/E-P9USG6kLs

Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046 /youtube/video/kvREvOvSWt4

----

00:00 - Intro GCP Prize 2021

01:05 - 6. "Command Injection in Google Cloud Shell" by Ademar Nowasky Junior

03:36 - 5. "Remote code execution in Managed Anthos Service Mesh control plane" by Anthony Weems

08:31 - 4. "The Speckle Umbrella story — part 2" by Imre Rad

11:33 - 3. "Remote Code Execution in Google Cloud Dataflow" by Mike Brancato

15:47 - 2. "Google Compute Engine VM takeover via DHCP flood" by Imre Rad

20:12 - 1. "Bypassing Identity-Aware Proxy" by Sebastian Lutz

22:42 - Summary and Conclusion

23:58 - Outro

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Instagram: https://instagram.com/LiveOverflow/

→ Blog: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/

