Back to directory
WRITEUP #1221

Exploiting misconfigured Google Cloud Service Accounts from GitHub Actions

CloudOIDCCI/CD
by@revbl0ck(Revblock)
Program
-
Published
May 2, 2023
Added to HackDex
May 18, 2023
Read Full Writeuphttps://www.revblock.dev/exploiting-misconfigured-google-cloud-service-accounts-from-github-actions/
RELATED WRITEUPS
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
CloudOIDC
Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk
AI / LLMCI/CD
The Hunt for ALBeast: A Technical Walkthrough
CloudAWS ALB
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD
CloudPrivilege escalation
ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts
Race ConditionCI/CD

Built with ❤️ by Shubham Rawat