A home lab for learning cloud (GCP) security vulnerabilities. This is a project in progress that will be updated with new vulnerabilities, starting with misconfigurations.
Deploying the Terraform sets up a vulnerable environment with around 4 vulnerabilities.
The following 4 vulnerabilities are highlighted in this lab.
- IAM Privilege Escalation
  - A service account (`sa-ci-cd`) is granted `roles/owner`.
  - A low-privileged user can impersonate it and escalate to project owner.
- Public Cloud Storage Bucket
  - A bucket is world-readable (`allUsers: objectViewer`).
  - Contains fake sensitive data + a flag (`FLAG{bucket_exposed_creds}`).
- Insecure Compute VM
  - A VM has SSH open to `0.0.0.0/0`.
  - It runs with the default service account (Editor role).
  - Flag stored in `/tmp/flag.txt`.
- Unauthenticated Cloud Function
  - A Cloud Function (2nd Gen) is deployed with `roles/run.invoker` for `allUsers`.
  - It leaks an environment variable secret (`FLAG{cloud_function_leak}`).
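As an added example (not part of this repository), the following Python audit checks resource descriptions in the JSON shape `gcloud ... --format=json` returns for the four misconfigurations listed above, so you can confirm what the lab deploys and verify that your cleanup or hardening removed them. The sample policies, firewall rule and VM below are constructed; `PROJECT_ID` and the member e-mails are placeholders.

```python
"""Audit GCP resource descriptions (the JSON shape `gcloud ... --format=json`
returns) for the four misconfigurations this lab deploys.
All sample inputs below are constructed for illustration."""

PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}
DEFAULT_SA_SUFFIX = "-compute@developer.gserviceaccount.com"

def owner_service_accounts(policy):
    """Service accounts bound to roles/owner: the impersonation target."""
    return sorted(m for b in policy.get("bindings", []) if b["role"] == "roles/owner"
                  for m in b["members"] if m.startswith("serviceAccount:"))

def public_roles(policy):
    """Roles granted to allUsers/allAuthenticatedUsers (public bucket or function)."""
    return sorted({b["role"] for b in policy.get("bindings", [])
                   if PUBLIC_PRINCIPALS & set(b["members"])})

def allows_tcp_port(allowed, port):
    """True if an 'allowed' entry covers TCP <port>; no 'ports' key means all ports."""
    if allowed.get("IPProtocol") not in ("tcp", "all"):
        return False
    for p in allowed.get("ports") or ["0-65535"]:
        lo, _, hi = p.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def ssh_open_to_world(rule):
    """Ingress rule admitting TCP/22 from 0.0.0.0/0 (the lab's exposed VM)."""
    return (rule.get("direction", "INGRESS") == "INGRESS"
            and "0.0.0.0/0" in rule.get("sourceRanges", [])
            and any(allows_tcp_port(a, 22) for a in rule.get("allowed", [])))

def uses_default_compute_sa(instance):
    """VM attached to the project's default compute SA (Editor unless changed)."""
    return any(sa.get("email", "").endswith(DEFAULT_SA_SUFFIX)
               for sa in instance.get("serviceAccounts", []))

# Constructed samples mirroring the lab's resources (PROJECT_ID is a placeholder).
PROJECT_POLICY = {"bindings": [
    {"role": "roles/owner", "members": ["serviceAccount:sa-ci-cd@PROJECT_ID.iam.gserviceaccount.com"]},
    {"role": "roles/viewer", "members": ["user:lowpriv@example.com"]}]}
BUCKET_POLICY = {"bindings": [{"role": "roles/storage.objectViewer", "members": ["allUsers"]}]}
FUNCTION_POLICY = {"bindings": [{"role": "roles/run.invoker", "members": ["allUsers"]}]}
SSH_RULE = {"direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
            "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
VM = {"serviceAccounts": [{"email": "123456789-compute@developer.gserviceaccount.com"}]}
```

After `terraform destroy`, re-running these checks against the live project (`gcloud projects get-iam-policy`, `gcloud storage buckets get-iam-policy`, `gcloud compute firewall-rules describe`, `gcloud compute instances describe`) should return no findings.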
- A GCP project (use a free-tier / new sandbox project).
- gcloud SDK installed and authenticated:

```sh
gcloud auth application-default login
gcloud config set project <YOUR_PROJECT_ID>
```

Note: Replace the email IDs in the config file before deploying. Further instructions on adding missing resources will be added.

- Delete the instances using Terraform to clean up:

```sh
terraform destroy -var="project_id=<YOUR_PROJECT_ID>"
```