GCP: A script to list existing API Keys in your organization with Gemini access

Truffle Security recently reported (https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules) that, depending on certain GCP configurations, existing public keys can now be used to access the Gemini API, potentially allowing access to sensitive data or allowing financial DoS attacks. This issue happens when: 1 – A GCP project has at least one existing key that is published somewhere (e.g., Firebase or…

The WAF Swiss-Knife

This blog post showcases some not-so-commonly-advertised benefits and features that modern WAFs have, and how they can be used in an average company to gain benefits ranging from technical to political. It also provides some tips and tricks that I would have liked to know a few years ago. This was originally presented as a talk…