BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsideslv24//speaker//H337MQ
BEGIN:VTIMEZONE
TZID:PST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T100000Z
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T110000Z
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsideslv24-MZVN8F@pretalx.com
DTSTART;TZID=PST:20240807T143000
DTEND;TZID=PST:20240807T145000
DESCRIPTION:The Cloud Shell feature from cloud service providers offers a c
 onvenient way to access resources within the cloud\, significantly improvi
 ng the user experience for both administrators and developers. However\, e
 ven though the spawned instance has a short lifespan\, granting excessive 
 permissions could still pose security risks to users. This talk reveals an
  abuse methodology that leverages an unexpected\, public-facing port in GC
 P Cloud Shell discovered during recon. Through manipulation in Linux Netfi
 lter's NAT table\, it serves various internally running services such as H
 TTP\, SOCKS\, and SSH within the Cloud Shell container to the public. This
  configuration could be exploited by adversaries to bypass the Google auth
 entication needed in its Web Preview feature to leak data\, to deliver mal
 icious content\, or to pivot attack traffic through the Google network.
DTSTAMP:20260516T235438Z
LOCATION:Florentine F
SUMMARY:One Port to Serve Them All - Google GCP Cloud Shell Abuse - Hubert 
 Lin
URL:https://pretalx.com/bsideslv24/talk/MZVN8F/
END:VEVENT
END:VCALENDAR