BEGIN:VCALENDAR VERSION:2.0 PRODID:Data::ICal 0.24 BEGIN:VEVENT DESCRIPTION: 'Title: One Port to Serve Them All - Google GCP Cloud Shell Abuse\n When: Friday\, Aug 9\, 12:10 - 12:30 PDT\n Where: LVCC West/Fl oor 1/Hall 2/HW2-09-01 - [1]Map\n\n Description:\n\n The Cloud Shell f eature from cloud service providers offers a\n convenient way to access resources within the cloud\, significantly\n improving the user experien ce for both administrators and developers.\n However\, even though the s pawned instance has a short lifespan\,\n granting excessive permissions could still pose security risks to\n users. This talk reveals an abuse m ethodology that leverages an\n unexpected\, public-facing port in GCP Cl oud Shell discovered during\n recon. Through manipulation in Linux Netfi lter's NAT table\, it serves\n various internally running services such as HTTP\, SOCKS\, and SSH\n within the Cloud Shell container to the publ ic. This configuration\n could be exploited by adversaries to bypass the Google authentication\n needed in its Web Preview feature to leak data\ , to deliver malicious\n content\, or to pivot attack traffic through th e Google network.\n\n SpeakerBio: Hubert Lin\n\n Hubert Lin is an off ensive security expert\, specializing in remote\n vulnerability exploita tion\, honeypots\, and penetration testing. He\n previously led the sign ature team for network threat defense and was a\n senior staff engineer on the Red Team at Trend Micro. In his roles\, he\n assessed network int rusion prevention systems and conducted sanctioned\n red team exercises to enhance corporate security. Hubert holds\n certifications as a Red Ha t Certified Engineer (RHCE) and an Offensive\n Security Certified Profes sional (OSCP). Currently\, he works at\n Netskope as a Sr. Staff Researc her.\n\n '\n\n 1. #LVCCW_Level1_Hall2\n\n\n DTEND:20240809T193000Z DTSTART:20240809T191000Z LOCATION:CLV - LVCC West/Floor 1/Hall 2/HW2-09-01 SUMMARY:One Port to Serve Them All - Google GCP Cloud Shell Abuse END:VEVENT END:VCALENDAR