The Anatomy of a Google Cloud (GCP) Cryptomining Attack | EP. 2

EXPLORE

Society & Culture

Health & Fitness

© 2024 PodJoint

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/8f/8b/4b/8f8b4b7c-0aef-e162-be28-476d9a9e7d36/mza_9900111694076175621.jpg/600x600bb.jpg

Detection Opportunities

CYBERWOX

9 episodes

5 days ago

Detection Opportunities is a podcast for security professionals who care about building resilient detection and response systems. Each episode explores real-world attacks, breaks down how signals become insights, and dives into the engineering mindset behind effective threat detection, investigation, and defense. Grounded in frontline experience across SIEM development, security operations, incident response, and threat hunting, this show brings a practical, systems-level lens to modern security engineering.

Show more...

All content for Detection Opportunities is the property of CYBERWOX and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Detection Opportunities is a podcast for security professionals who care about building resilient detection and response systems. Each episode explores real-world attacks, breaks down how signals become insights, and dives into the engineering mindset behind effective threat detection, investigation, and defense. Grounded in frontline experience across SIEM development, security operations, incident response, and threat hunting, this show brings a practical, systems-level lens to modern security engineering.

Show more...

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/43563165/43563165-1745889509474-7bb8047c5945c.jpg

The Anatomy of a Google Cloud (GCP) Cryptomining Attack | EP. 2

Detection Opportunities

7 minutes

6 months ago

The Anatomy of a Google Cloud (GCP) Cryptomining Attack | EP. 2

GCP Service Accounts are interesting cloud identities. Let's review how they contributed to a Cryptocurrency Mining Attack in this Case.

_____________

🧬 EPISODE RESOURCES

🔹How A Compromised AWS Lambda Function Led to a Phishing Attack

🔹GCP Lateral Movement & PrivEsc

🔹GCP Service Accounts

🔹 DEFCON 30 Cloud Village - Weather Proofing GCP Defaults

🔹GCP IAM basic and predefined roles reference

_____________

⏰ TIMESTAMPS

00:00 How GCP Service Accounts Work

02:12 Initial Access - Stolen Service Account Credentials

02:52 Attack Flow

03:33 Privilege Escalation - Permission Upgrades

03:50 Detection Opportunity 1

04:04 Defense Evasion - Firewall Rule Modification

05:19 Detection Opportunity 2

05:38 1,600 VMs created during attack

05:51 Persistence - New Token Creations

06:16 Final Thoughts

_____________

⚡️⁠JOIN 6,000+ CWX MEMBERS ON DISCORD⁠

📰 ⁠SUBSCRIBE TO THE CYBERWOX UNPLUGGED NEWSLETTER⁠

🥶 ⁠CYBERWOX MERCH⁠

_____________

🧬 CYBERWOX RESOURCES

🔹 ⁠Cyberwox Cybersecurity Notion Templates for planning your career⁠

🔹 ⁠Cyberwox Best Entry-Level Cybersecurity Resume Template⁠

🔹 ⁠Learn AWS Threat Detection with my LinkedIn Learning Course⁠

_____________

📱 LET'S CONNECT

→ ⁠⁠IG⁠⁠

→ ⁠⁠Threads⁠⁠

→ ⁠⁠Substack⁠⁠

→ ⁠⁠Twitter⁠⁠

→ ⁠⁠Linkedin⁠⁠

→ ⁠⁠Tiktok⁠⁠

Email: day@cyberwox.com

_____________

⚠️DISCLAIMER

This description has some affiliate links, and I may receive a small commission for purchases made through these links. I appreciate your support!

Email: day@cyberwox.com