Security BSides Las Vegas 2025

No IP, No Problem: Exfiltrating Data Behind IAP
2025-08-05, Florentine A

Google Cloud’s Identity-Aware Proxy (IAP) is often seen as the final gatekeeper for internal GCP services - but what happens when that gate quietly swings open? This session uncovers how subtle misconfigurations in IAP can lead to serious data exposure, even in environments with no public IPs, strict VPC Service Controls, and hardened perimeters. We’ll introduce a new vulnerability in IAP that enables data exfiltration, allowing attackers to bypass traditional network controls entirely, without ever sending traffic to the public internet. In addition, we’ll walk through real-world examples of overly permissive IAM bindings, misplaced trust in user-supplied headers, and overlooked endpoints that quietly expand the attack surface. Attendees will gain a deeper understanding of IAP’s internal workings, practical detection strategies, and a critical perspective on trust boundaries in GCP.


This talk delivers a technical dive into Google Cloud’s IAP, a service widely used to enforce access controls on internal applications - and often assumed to be foolproof. We begin with a concise overview of how IAP works behind the scenes, including its identity enforcement model and how it integrates with IAM and backend services.

The goal of this talk isn’t just to highlight common misconfigurations and warn people not to repeat them, because plenty of blog posts already do that. Instead, the core focus is on teaching defenders how these misconfigurations manifest in logs once an attacker begins to exploit them, equipping them to build effective detections and stop breaches before they escalate. Whether it’s during the initial configuration tampering or while actively bypassing controls, I’ll walk through what those activities actually look like in GCP logs. For each misconfiguration, I’ll present real log snippets, unpack the most revealing details, and show how to correlate signals, even those outside of IAP-specific logs, to detect and investigate IAP abuse effectively.

The highlight of the session is a new research technique we've developed: exploiting IAP's CORS behavior to exfiltrate sensitive data using preflight OPTIONS requests, effectively bypassing traditional network egress controls. This method can succeed even in highly restricted environments with no internet access, no public IPs, and VPC Service Controls fully enforced. The issue has been responsibly disclosed to Google and is currently under review, with an expected review timeline of 30 days.

We’re sharing this research to highlight just how fragile IAP configurations can be, where even a minor misstep or overlooked setting can unintentionally expose internal resources to the internet. Alongside the technique, we’ll provide practical detection strategies to help defenders identify this specific attack vector through GCP’s logging infrastructure.

We’ll wrap up by walking through practical detection strategies using GCP’s audit and access logs, showing how to identify abuse patterns, correlate signals across services, and improve visibility into how IAP is being used (or misused). These techniques are designed to help defenders surface subtle signs of exploitation and build more resilient monitoring around one of GCP’s most sensitive access gateways.

Ariel Kalman is a cloud security researcher based in Israel, actively engaged in cloud-related security research at Mitiga. With a specialization in application security, Ariel excels in discovering new attack vectors associated with cloud environments.