IAM Privilege Escalation in GCP

For more information on these privilege escalation methods, including how to exploit them and the permissions they require, see the blog posts on our website: Part 1 and Part 2.

Current List of GCP IAM Privilege Escalation Methods

  1. cloudbuild.builds.create: Script / Blog Post
  2. deploymentmanager.deployments.create: Script / Blog Post
  3. iam.roles.update: Script / Blog Post
  4. iam.serviceAccounts.getAccessToken: Script / Blog Post
  5. iam.serviceAccountKeys.create: Script / Blog Post
  6. iam.serviceAccounts.implicitDelegation: Script / Blog Post
  7. iam.serviceAccounts.signBlob: Script / Blog Post
  8. iam.serviceAccounts.signJwt: Script / Blog Post
  9. cloudfunctions.functions.create: Script / Blog Post
  10. cloudfunctions.functions.update: Script / Blog Post
  11. compute.instances.create: Script / Blog Post
  12. run.services.create: Script / Blog Post
  13. cloudscheduler.jobs.create: Blog Post
  14. orgpolicy.policy.set: Script / Blog Post
  15. storage.hmacKeys.create: Script / Blog Post
  16. serviceusage.apiKeys.create: Script / Blog Post
  17. serviceusage.apiKeys.list: Script / Blog Post