“Unconventional vulnerabilities in Google Cloud Platform” will showcase my path to how I discovered two interesting vulnerabilities in Google cloud platform. Via my approach, I was able to discover Cloudshell Command Injection and Code Editor Clickjacking. Cloudshell command injection started as a client side injection attack.
In my presentation, I will walk the audience members through how I was able to escalate it and impact GCP customer across the board. Similarly, clickjacking started as a self-clickjacking. But the focus of the presentation will be to share how I was able to escalate it and impact all GCP customers. In addition, I will share some thoughts on the Google VRP.
