HACKING GCP FOR FUN & PROFIT
WHOAMI?
AGNIBHA DUTTA aka Y0GI
Security Engineer at BugBase
Pursuing MBBS
Part-time Bug bounty hunter
CyberSecurity Trainer & Mentor
eJPT, CRTP
Successfully Hacked and Secured 150+ companies
Cloud Providers in Market
Introduction to Google Cloud Platform
GCP (Google Cloud Platform) is a suite of cloud computing services
provided by Google. It offers a wide range of services and tools for building,
deploying, and managing applications, as well as for storing and analyzing
data. GCP enables businesses, developers, and organizations to use
Google's infrastructure and resources for scalable and reliable cloud
solutions.
GCP IAM Basics
Identity and Access Management (IAM) in GCP allows administrators to control who has
access to cloud resources, ensuring secure and precise management of permissions.
Granular Permissions: Assign specific permissions to different users for various
resources, enabling precise access control and enhancing security within the GCP
environment.
Centralized Management: Simplifies the administration of user permissions and access
policies across all GCP resources from a single platform, improving efficiency and
compliance.
COMPUTE ENGINE
Virtual Machine Instances: Compute Engine provides scalable, high-performance virtual machine (VM)
instances that can be customized to meet various requirements.
Integration with GCP Services: Seamlessly integrates with other GCP services such as Cloud Storage,
BigQuery, and Kubernetes Engine, enabling comprehensive solutions for various computing needs.
Service Account Integration: Compute Engine allows users to attach service accounts to VM
instances, granting them access to other Google Cloud services without requiring explicit
authentication, enhancing automation and seamless integration within GCP environments.
GCP STORAGE BUCKET
A Storage Bucket is similar to an AWS S3 bucket and allows you to store files.
Sometimes buckets can be misconfigured and publicly exposed.
Let’s look at some Misconfigs!
GCP MISCONFIG
Adding principals like ‘allUsers’ or ‘allAuthenticatedUsers’
Misconfigured GCP bucket policy that leaves the bucket publicly exposed
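
The bucket misconfiguration above as a defensive check, added here as an example and not taken from the original slides: it scans a bucket IAM policy, in the JSON shape printed by `gcloud storage buckets get-iam-policy gs://BUCKET --format=json`, for the two public principals. The bucket name, the sample policy and the severity labels are constructed assumptions.

```python
import json

# The two public principals named on the slide.
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

# Predefined Cloud Storage roles that allow more than reading.
WRITE_ROLES = {
    "roles/storage.admin", "roles/storage.objectAdmin",
    "roles/storage.objectCreator", "roles/storage.legacyBucketWriter",
    "roles/storage.legacyBucketOwner",
}

def severity(role):
    """Severity labels are this example's own convention (assumption)."""
    if role in WRITE_ROLES:
        return "critical"      # anyone can write, overwrite or delete
    if role.startswith("roles/storage."):
        return "high"          # anyone can read or list
    return "review"            # custom or non-storage role: inspect its permissions

def audit_bucket_policy(bucket, policy):
    """Return one finding per public principal found in the policy bindings."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        exposed = PUBLIC_PRINCIPALS.intersection(binding.get("members", []))
        for principal in sorted(exposed):
            findings.append({"bucket": bucket, "principal": principal,
                             "role": role, "severity": severity(role)})
    return findings

# Constructed sample policy (not from a real project).
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
  {"role": "roles/storage.objectAdmin",
   "members": ["user:dev@example.com", "allAuthenticatedUsers"]},
  {"role": "roles/storage.legacyBucketReader",
   "members": ["serviceAccount:app@example-project.iam.gserviceaccount.com"]}
]}
""")

if __name__ == "__main__":
    for f in audit_bucket_policy("example-bucket", SAMPLE_POLICY):
        print(f"{f['severity']:8} gs://{f['bucket']} {f['principal']} -> {f['role']}")
```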
SSRF in GCP
IAM misconfig in GCP
Exposed Private Keys
Any Questions?
My Socials:
https://x.com/AnonY0gi
https://linkedin.com/in/y0gi
THANK YOU
