During the year 2023, I was a Cloud Security lecturer at FIAP. Long story short, It was an amazing experience. However, when we got to the more “red-team” parts of the course, I had trouble finding educational resources. I wanted a pentesting lab that would allow my students to exploit real-world misconfigurations, without the usual…
Category: Cloud
GCP – Extract all granted IAM permissions for all users
Introduction The following bash script is pretty simple. It generates a CSV that lists, for each user, all the roles given to them and in which resources. It’s great for doing IAM reviews. Note: if, for example, a user has access to a project, this scripts only lists the role granted at the project level….
Configs Vulneráveis Comuns em Stacks Google (GCP + Workspace)
Essa talk foi apresentada na B-Sides SP 2022, que ocorreu no dia 20/11/2022. Todo o conteúdo está disponível aqui: https://github.com/maximus-hackers/gcpBsides2022 Link direto do Docs: https://docs.google.com/presentation/d/164wBOdmQYWr2nFVR251XoFVY_GuUO7hJuIPdGRZY6FM/edit?usp=sharing Views: 58
Splunk – How to deal with delayed events in Alerts
If you’re using Splunk for Alerting, there is a problem that can occur where an event: Is generated before a scheduled search is executed But is only received after the search is done This will mean that: The scheduled search that should inspect the time-frame where the event was generated will not find the event,…
GCP – SSH into VMs as Service Account when OSLogin is enabled
OSLogin requires every SSH key to be tied to a user. For normal / human users the process is straight-forward and there is a lot of documentation about it. For Service Accounts, things get a little weirder… This tutorial will show you how to create an SSH key that is tied to a Service Accout…
Pomerium – How to install on GKE, from zero to hero
Hello! I have been using (and loving) Pomerium Enterprise for the past few months. Do you have an application that doesn’t have adequate access control or logging? Then Pomerium is the tool for you. It is an incredibly powerful and versatile zero-trust proxy (and no, that’s not a buzzword in this case). This guide will…
Migrating Primary Domains in Gsuite (Google Workspace) – An Epic Odyssey
Edit: Thanks to UmzuzuJoe for reminding me about the necessity to update groups also. This post is based on my personal experience changing Gsuite primary domains in a medium sized organization. I hope to give you the basic idea of how your migartion should work and what to exepect – and most importantly: tell you…
GCP – How to automatically export backups (MySQL and instances) to other places (AWS, Offline, etc…)
GCP has a pretty good backup system which is really easy to configure. For instances, you can schedule automatic snapshots and also convert theses snapshots to images whenever you want.For MySQL databases (not sure about the other types) you can schedule backups which are stored in a neat “full backup + incremental backups” to save…
How to create an alert in GCP for a specific event (ex: Modifying a firewall rule)
Say you want to be notified everytime a specific event occurs in your GCP project or organization such as an admin being added, a bucket being created, a firewall rule being modified, etc… How should you do it? After some trial and error, i have found that the method below gives the best results. Some…