Duration: 31:32
Hacking into Google's Network for $133,337

2021-03-17

[public] 575K views, 27.8K likes, 187 dislikes

Channel: LiveOverflow

In this video we hear the story of how Ezequiel Pereira found a critical vulnerability in Google Cloud and was awarded $164,674 in total. This is a crazy bug, because it requires so much knowledge about Google internals. We will learn about Google's Global Software Load Balancer (GSLB), BNS addresses and other Google secret tricks!

This video was sponsored by the Google Vulnerability Rewards Program:

https://security.googleblog.com/2021/03/announcing-winners-of-2020-gcp-vrp-prize.html

Ezequiel's own Writeup: https://www.ezequiel.tech/2020/05/rce-in-cloud-dm.html

SRE Book: https://sre.google/books/

GCP Prize 2020: /youtube/video/J2icGMocQds

00:00 - Intro

00:33 - Meet Ezequiel Pereira

00:58 - The Impact Of The Bug

02:41 - Winning The $133,337 Prize!

04:03 - How To Find a Product To Research?

06:05 - How To Approach Google Products?

07:16 - The BEST Tip For Bug Hunters!

08:08 - What Does Deployment Manager Do?

09:00 - Type Providers: First Research Into Deployment Manager

11:03 - Using Type Providers for SSRF?

13:00 - Going Deeper - Finding A Hidden Version

15:01 - The Google Dogfood Version

15:52 - Discovering Internal Google Options - GSLB

17:34 - The Google SRE Book - Explaining Google's Software Load Balancer

19:34 - Exploiting GSLB?

21:58 - Failing to Exploit GSLB

22:28 - Abusing Protobuf To Find Hidden Enums

25:34 - Google API GRPC/Protobuf Tricks

29:11 - SUCCESS! Attacking Google's Network via GSLB SSRF!

30:34 - Summary

-=[ ā¤ļø Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ šŸ• Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Instagram: https://instagram.com/LiveOverflow/

→ Website: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/

