conf 2024-11-06 16:00 – 16:45 La Marive EN

GCP CL_WHY: The Hacker’s And The Hero Guide To The CLI

Name: Black Alps 2024
Start: 2024-11-06
End: 2024-11-07
Location: La Marive, Yverdon-les-Bains

Abstract

The Google Cloud Platform Command Line Interface (GCP CLI) is a powerful tool for developers and administrators, but it poses a significant risk when exploited by threat actors. This talk explores how threat actors can leverage the GCP CLI for initial access and data exfiltration. We'll examine the GCP CLI, its associated credentials, how attackers steal these credentials, and ways they can bypass misconfigured security controls. Crucially, we'll delve into a multi-layered defense strategy to secure the GCP CLI. Finally, the talk will cover proactive detection methods to alert you to GCP CLI-based intrusion attempts. Join this session to learn how to effectively protect your cloud environment against these sophisticated attacks.

Speaker

Shannon McHale

Senior Red Team Consultant

Google

Shannon McHale is a Senior Consultant on the Mandiant (Now Part of Google Cloud) Red Team. Shannon has lead the development of the cloud service lines at Mandiant since 2022 and formerly held the GCP Security Engineer Certification. She has presented at DefCon, WiCyS, ShmooCon, and more. She has prioritized giving back to the security community through presentations and mentoring those just beginning their career.

Talk

GCP CL_WHY: The Hacker’s And The Hero Guide To The CLI