Auth bypass: Leaking Google Cloud service accounts and projects
Tags
attack-pattern: Data New Service - T1050
Show in Graph
Common Information
Type Value
UUID a39161f9-734c-4954-b3c1-3187075d7c78
Fingerprint fbbc9d15de5d6f7
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 26, 2020, 11:42 a.m.
Added to db Jan. 18, 2023, 11:11 p.m.
Last updated Nov. 17, 2024, 6:30 p.m.
Headline Ezequiel Pereira
Title Auth bypass: Leaking Google Cloud service accounts and projects
Detected Hints/Tags/Attributes 34/1/41
Source URLs
Redirection Url
Details Source https://www.ezequiel.tech/2020/08/leaking-google-cloud-projects.html?m=1
URL Provider
Details Provider Source level domain
Details ezequiel.tech www.ezequiel.tech
Attributes
Details Type #Events CTI Value
Details Domain 5 
iam.googleapis.com
Details Domain 1 
attacker-project.iam.gserviceaccount.com
Details Domain 3 
appspot.gserviceaccount.com
Details Domain 80 
goo.gl
Details Domain 2 
encode.sh
Details Domain 1 
victim-project.iam.gserviceaccount.com
Details Domain 3 
developer.gserviceaccount.com
Details Domain 3 
iam.gserviceaccount.com
Details Domain 831 
example.com
Details Domain 1 
project-1234.example.com.iam.gserviceaccount.com
Details Domain 1 
gcf-admin-robot.iam.gserviceaccount.com
Details Domain 1 
cloud-ml.google.com.iam.gserviceaccount.com
Details Domain 707 
google.com
Details Email 1 
projects/attacker-project/serviceaccounts/firebase-adminsdk-y9tkf@attacker-project.iam.gserviceaccount.com
Details Email 1 
firebase-adminsdk-y9tkf@attacker-project.iam.gserviceaccount.com
Details Email 1 
projects/attacker-project/serviceaccounts/evil-account@attacker-project.iam.gserviceaccount.com
Details Email 1 
evil-account@attacker-project.iam.gserviceaccount.com
Details Email 1 
projects/attacker-project/serviceaccounts/attacker-project@appspot.gserviceaccount.com
Details Email 1 
attacker-project@appspot.gserviceaccount.com
Details Email 1 
projects/attacker-project/serviceaccounts/malicious-robot@attacker-project.iam.gserviceaccount.com
Details Email 1 
malicious-robot@attacker-project.iam.gserviceaccount.com
Details Email 1 
projects/attacker-project/serviceaccounts/bad-account@attacker-project.iam.gserviceaccount.com
Details Email 1 
bad-account@attacker-project.iam.gserviceaccount.com
Details Email 1 
projects/attacker-project/serviceaccounts/kitten-pics@victim-project.iam.gserviceaccount.com
Details Email 1 
kitten-pics@victim-project.iam.gserviceaccount.com
Details Email 1 
projects/attacker-project/serviceaccounts/302071612485-compute@developer.gserviceaccount.com
Details Email 1 
302071612485-compute@developer.gserviceaccount.com
Details Email 1 
projects/attacker-project/serviceaccounts/cancer-cure@victim-project.iam.gserviceaccount.com
Details Email 1 
cancer-cure@victim-project.iam.gserviceaccount.com
Details Email 1 
projects/attacker-project/serviceaccounts/db-admin@victim-project.iam.gserviceaccount.com
Details Email 1 
db-admin@victim-project.iam.gserviceaccount.com
Details Email 1 
service-311429251604@gcf-admin-robot.iam.gserviceaccount.com
Details Email 1 
localhost&response_type=token&client_id=service-311429251604@gcf-admin-robot.iam.gserviceaccount.com
Details IPv4 142 
192.168.0.1
Details Url 1 
https://iam.googleapis.com/v1/projects/attacker-project/serviceaccounts
Details Url 1 
https://iam.googleapis.com/v1/projects/attacker-project/serviceaccounts?pagesize=3
Details Url 1 
https://iam.googleapis.com/v1/projects/attacker-project/serviceaccounts?pagetoken=cg:cjsehzwicrgdiaaqcknjs1vttwvzr3c
Details Url 1 
https://iam.googleapis.com/v1/projects/attacker-project/serviceaccounts?pagetoken=cg:cmwi_kblcbgdiaa
Details Url 1 
https://iam.googleapis.com/v1/projects/attacker-project/serviceaccounts?pagetoken=cg:cmwi_kblcbgdiaaqcknkx1m5yjnnq1e
Details Url 1 
https://accounts.google.com/o/oauth2/v2/auth?scope=email&redirect_uri=http:
Details Url 1 
https://accounts.google.com/o/oauth2/v2/auth?scope=email&redirect_uri=http://localhost&response_type=token&client_id=service-311429251604@gcf-admin-robot.iam.gserviceaccount.com