Google has been offering $100,000 as a GCP prize from the Google Bug Bounty program to encourage security researchers to focus on the security of the Google Cloud Platform. This amount has been increased to $313,337 this year. If you want to know how to hack Google network for $313,337 continue reading further. The cash prize is offered to ethical hackers for finding the best vulnerability on the Google Cloud Platform.
This year the prize was awarded to Ezequiel Pereira for the prize-winning bug. A server-side forgery attack with requests to internal Google services by its remote code execution.
The video below will help you understand the bug and the discovery process.
The second prize of $73,331 was awarded to David Nechuta, who discovered a Server-side Request Forgery (SSRF) bug in Google Cloud Monitoring’s uptime check feature. The bug could be used to leak the authentication token of the service account used for these checks.
While the third prize of $73,331 was shared between Dylan Ayreyand Allison Donovan for presenting a report and write-up for Fixing a Google Vulnerability. They explained the issues related to the default permissions associated with some of the service accounts used by GCP services.
Other Winners of 2020 GCP VRP Prize
- The fourth Prize of $31,337 was won by Bastien Chatelard for the report and write-up Escaping GKE gVisor sandboxing using metadata. He discovered a bug in the GKE gVisor sandbox’s network policy implementation, which made the Google Compute Engine metadata API accessible.
- The fifth Prize of $1,001 was won by Brad Geesaman for the report and write-up CVE-2020-15157 “ContainerDrip” Write-up. The bug compromised the container into leaking instance metadata by supplying a malicious container image manifest.
- While the sixth prize of $1,000 was won by Chris Moberly for the report and write-up Privilege Escalation in Google Cloud Platform’s OS Login. It demonstrated how cybercriminals can use DHCP poisoning to escalate their privileges on a Google Compute Engine VM.
Do you Want to Hack Google Network?
If you want to Hack Google Network you will require the skills mentioned below.
- Find a vulnerability in a GCP product – Google Cloud Free Program would be a perfect start.
- Report the vulnerability to VRP – You may earn a few dollars just for reporting it, besides the GCP VRP Prize.
- Create a public write-up
- Submit it here
Make sure you don’t miss the bus, submit your VRP reports and write-ups before December 31, 2021, at 11:59 GMT. Happy hunting to all the talented vulnerability researchers out there. You can read the GCP VRP Prize Official Rules in detail here.