Continuous Threat Exposure Management for Google Cloud

On July 9th, 2020, an independent security firm discovered a trove of personal health information belonging to Pfizer patients on the public internet. The breach exposed unencrypted conversations between patients and providers of four different Pfizer products, including full names, home addresses, email addresses, phone numbers, and medical status details. The entry point of this data breach? One misconfigured Google Cloud storage bucket.

Misconfigurations in public cloud platforms like Google Cloud often have devastating security implications. These platforms allow developers and systems administrators to quickly deploy and update applications or digital infrastructure. Unfortunately, many businesses do not have adequate visibility into their cloud environments and struggle to detect when a change has security implications.

To help our customers continuously monitor their threat exposure from GCP assets, Praetorian built a Chariot capability that continuously enumerates assets in GCP environments.

What is the GCP Capability?

The GCP capability pulls a daily list of active assets from all connected GCP projects and places these assets into Chariot’s scanning queue. The capability will enumerate assets from a variety of cloud services, including compute instances, serverless functions, and Google Cloud DNS records.

How to use the GCP capability?

To integrate Chariot with a GCP environment, create a GCP service account with the `roles/viewer` role in each project you wish Chariot to scan, and provide the service account’s email address and private key to Chariot. For more information on leveraging the GCP capability, please see the official documentation. Once configured, Chariot will routinely enumerate GCP assets and scan each identified asset for exploitable vulnerabilities.
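Because the integration needs the same read-only grant in every project, it is worth checking that the grant is present everywhere and that nothing broader has crept in. The following is an added example, not Praetorian's or Chariot's code: it audits IAM policies shaped like the output of `gcloud projects get-iam-policy <project> --format=json`. The project IDs, the service account email, and the `audit` function are made up for illustration.

```python
import json

REQUIRED_ROLE = "roles/viewer"  # the only role the integration is described as needing

# Constructed sample data: project IDs and the service account are made up.
# Each value has the shape of `gcloud projects get-iam-policy <id> --format=json`.
SCANNER = "serviceAccount:asset-scanner@example-sec.iam.gserviceaccount.com"
POLICIES = {
    "example-prod": {"bindings": [
        {"role": "roles/viewer", "members": [SCANNER, "user:ops@example.com"]},
    ]},
    "example-dev": {"bindings": [
        {"role": "roles/viewer", "members": [SCANNER]},
        {"role": "roles/editor", "members": [SCANNER]},  # over-privileged
    ]},
    "example-data": {"bindings": [  # scanner never granted: project is not enumerated
        {"role": "roles/owner", "members": ["user:ops@example.com"]},
    ]},
    "example-stage": {"bindings": [  # grant silently stops working once it expires
        {"role": "roles/viewer", "members": [SCANNER],
         "condition": {"title": "expires",
                       "expression": "request.time < timestamp('2021-01-01T00:00:00Z')"}},
    ]},
}


def audit(policies, member, required=REQUIRED_ROLE):
    """Return {project: [findings]} for projects that deviate from the baseline
    of exactly one unconditional `required` binding for `member`.
    Only direct project-level bindings are checked; roles inherited from a
    folder or organization, or granted through a group, are out of scope."""
    report = {}
    for project, policy in sorted(policies.items()):
        held = [b for b in policy.get("bindings", []) if member in b.get("members", [])]
        roles = {b["role"] for b in held}
        findings = []
        if required not in roles:
            findings.append("missing " + required)
        findings += ["extra role " + r for r in sorted(roles - {required})]
        findings += ["conditional " + b["role"] for b in held if "condition" in b]
        if findings:
            report[project] = findings
    return report


if __name__ == "__main__":
    print(json.dumps(audit(POLICIES, SCANNER), indent=2))
```

A "missing" finding means a coverage gap in asset enumeration, while an "extra role" finding means the exported private key carries more access than the integration requires.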

Getting Started With Chariot

Curious what vulnerabilities you may have in your cloud attack surface? Create a free Chariot account and configure the Chariot GCP integration. It will have results ready faster than you can say “Google me”.

About the Authors

Adam Crosser

Adam is an operator on the red team at Praetorian. He is currently focused on conducting red team operations and capabilities development.
