Skip to content

Instantly share code, notes, and snippets.

View 5stars217's full-sized avatar

adrianw 5stars217

29 followers · 67 following
View GitHub Profile
@5stars217
5stars217 / keybase.md
Created February 7, 2022 23:18

Keybase proof

I hereby claim:

  • I am 5stars217 on github.
  • I am threlfall (https://keybase.io/threlfall) on keybase.
  • I have a public key ASBno_Or2efff3CYxFE8IKmGmnNzZ1ETrW21mMfQMB2bIAo

To claim this, I am signing this object:

@5stars217
5stars217 / gcp cheats.md
Last active April 9, 2022 12:49

Purpose

*Most pentesting and gcp privilege escalation stuff out there for GCP assumes what I'm finding to be an absurd level of access handed to you.(i.e Human 2fa protected accounts, organization-wide read only IAM perms, etc that is not suitable for use in black box testing of mature environments.
There's a lot of data you need to use the gcp api only available behind mandatory 2fa protected human accounts that service accounts and low tier project accounts simply do not have access to enumerating if you find yourself having popped an application or shelled a instance somehow and have console-only access.

Intent of this is to break down various categories of escalation that will be available to service accounts, as well as point out various showstoppers.