Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore a comprehensive conference talk that delves deep into the security implications of Service Agents in Google Cloud Platform. Learn how these machine identities, despite being positioned as inconsequential, often possess administrative-level permissions that could potentially be exploited. Discover transitive access techniques and understand how Service Agents' permissions can be manipulated to access services and data without direct resource permissions. Follow along as Principal Security Researcher Kat Traxler demonstrates a real-world case of Service Agent abuse leading to data exfiltration, bypassing explicit Storage permissions. Gain valuable insights into the vulnerabilities within Google Cloud's machine identity ecosystem and understand the security implications that challenge common assumptions about Service Agent safety. The presentation includes practical demonstrations and detailed explanations of how service functionality can be leveraged by end users to direct Service Agent actions for unauthorized data access.
