CommSec: Unconventional Vulnerabilities In Google Cloud Platform

“Unconventional vulnerabilities in Google Cloud Platform” will showcase my path to how I discovered two interesting vulnerabilities in Google cloud platform. Via my approach, I was able to discover Cloudshell Command Injection and Code Editor Clickjacking. Cloudshell command injection started as a client side injection attack.

In my presentation, I will walk the audience members through how I was able to escalate it  and impact GCP customer across the board. Similarly, clickjacking started as a self-clickjacking. But the focus of the presentation will be to share how I was able to escalate it and impact all GCP customers. In addition, I will share some thoughts on the Google VRP.

Location: Date: November 1, 2018 Time: 3:00 pm - 3:30 pm Venkatesh Sivakumar