Essa talk foi apresentada na B-Sides SP 2022, que ocorreu no dia 20/11/2022. Todo o conteúdo está disponível aqui: https://github.com/maximus-hackers/gcpBsides2022 Link direto do Docs: https://docs.google.com/presentation/d/164wBOdmQYWr2nFVR251XoFVY_GuUO7hJuIPdGRZY6FM/edit?usp=sharing
If you’re using Splunk for Alerting, there is a problem that can occur where an event: Is generated before a scheduled search is executed But is only received after the search is done This will mean that: The scheduled search that should inspect the time-frame where the event was generated will not find the event,…
Table of Contents Activating IAP with OSLogin (best option) Activating IAP for Project Owners Activating IAP for Admins Activating IAP without OSLogin Introduction IAP Tunneling is extremely useful for acessing resources that don’t have public IPs.In fact, it’s much safer and easier than assigning public IPs and configuring Firewall rules, or setting up VPNs inside…
OSLogin requires every SSH key to be tied to a user. For normal / human users the process is straight-forward and there is a lot of documentation about it. For Service Accounts, things get a little weirder… This tutorial will show you how to create an SSH key that is tied to a Service Accout…
Introduction For some reason, users are forced to activate at least one 2FA method (SMS, token or cellphone alerts) before being allowed to activate TOTP (via Authenticator). SMS is an insecure method of 2FA, because telephone companies are usually susceptible to social engineering attacks that can transfer your number to an unauthorized user. If you…
This is a useful command for extracting all files shared with at least one external user in Google Drive. I recommend running this command regularly to keep an eye on data exfiltration and improper sharing outside the company.
Update 2023/09/13: GCP has updated how some of the filters work. Some of these commands may not work anymore. Here are a few helpful gcloud commands to see important IAM information! Run these in your cloud shell or from your own machine using Cloud SDK Just switch <id> with your organization’s id and <[email protected]> with…
Hello! I have been using (and loving) Pomerium Enterprise for the past few months. Do you have an application that doesn’t have adequate access control or logging? Then Pomerium is the tool for you. It is an incredibly powerful and versatile zero-trust proxy (and no, that’s not a buzzword in this case). This guide will…
I just had a problem where Google Calendar’s default privacy setting was changed to “freeBusy” but didn’t replicate to all users. Looking into it, the privacy change is only applied if the user hasn’t changed their calendar’s default settings. It’s not clear what settings influence this. Anyway, we needed to use GAM to fix the…
Edit (15/02): Thanks to hjkimbrian for warning that there is no way to backup emails from a group. Do you have user accounts in your org that are “shared” between your employees?If you do, that’s a big no no. Account sharing is a horrible practice and is basically a ticking clock to some security incident…