
Know Your Organization : Mapping Entities in Google Workspace

c0c0n 2022 PPT

CyberWarFare Labs

September 25, 2022


Transcript

  1. Know your Organization? Mapping Entities in Google WorkSpace
     By Manish Gupta & Yash Bharadwaj
     Copyright CyberWarFare R&D Pvt. Ltd.
  2. About us
     Manish Gupta
     • Co-Founder & CEO @CyberWarFare Labs
     • Interested in On-Prem & Cloud Offensive Information Security
     • Presented Research / Training at various International Conferences / Govt. Agencies
     Yash Bharadwaj
     • Co-Founder & CTO @CyberWarFare Labs
     • R&D in On-Prem & Enterprise Security Evasion
     • Presented Cyber Security Research / Training at various National / International Conferences
     • Twitter : @flopyash
  3. AGENDA
     1. Uber Hack
     2. About Google WorkSpace
     3. Challenges
     4. Ideas to overcome challenges
     5. Working methodology to map entities
     6. Integrating with Attack Vectors
     7. Extending to GUI support
  4. Google WorkSpace [Previously G-Suite]
     • Collection of cloud computing, productivity & collaboration products
     • Large Customer Base of more than 6 Million Users
     • Used by Fortune 500, MNCs for day to day operations
  5. Challenges
     • Discovery Restricted: ONLY Accessible to Organization Administrators
     • Thousands of Entities (Users, Groups) in a single workspace account
     • Mapping Entities: Tedious tasks to map the User / Group entities for Possible Attack Paths
  6. Ideas to Overcome Challenges: Getting into Organization Google Workspace
     Step 1: Create Application with OAuth Credential
     Step 2: Define the Scope to “Directory.ReadOnly” & “cloud-identity.groups.ReadOnly”
     Step 3: Lure the target to “Allow” the asked permissions with organization email
  7. Generate OAuth Creds: Obtain OAuth Creds so attacker app can request user’s data
     App follows OAuth Flow: Generated OAuth Creds can be used to obtain “Client Authorization code”
     Directory Read Permissions: Once Authorization Code is obtained, Read from the org directory
     Profit: Use the information for identifying possible attack vectors
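Slides 6 and 7 describe a consent-phishing chain: the attacker's application is useless until a user in the organization clicks “Allow” on the directory scopes. For defenders, that click is the detection point, because Google Workspace records third-party consent in the admin audit log as a `token` application `authorize` event carrying the OAuth client ID and the granted scopes. The following Python script is an added example, not code from the deck or from CyberWarFare Labs: it scans such events for grants of directory-read scopes to applications outside an allowlist. The records are constructed and shaped like Reports API `token` activity items; the parameter names (`client_id`, `app_name`, `scope` as a multi-valued parameter) and the full scope URIs taken to correspond to the deck's short labels are assumptions, so adjust them to match your exported logs.

```python
"""Flag third-party OAuth consent grants that include Workspace directory scopes.
Added example, not from the deck: records are constructed to resemble Google
Workspace Reports API `token` activity items; the field names are an assumption."""
import json
import sys

# The deck names the scopes by short labels ("Directory.ReadOnly",
# "cloud-identity.groups.ReadOnly"); mapping them to these URIs is an assumption.
DIR_USER = "https://www.googleapis.com/auth/admin.directory.user.readonly"
DIR_GROUP = "https://www.googleapis.com/auth/admin.directory.group.readonly"
CI_GROUPS = "https://www.googleapis.com/auth/cloud-identity.groups.readonly"
DIRECTORY_SCOPES = {DIR_USER, DIR_GROUP, CI_GROUPS}

# OAuth client IDs the organization has reviewed (constructed placeholder value).
ALLOWLISTED_CLIENT_IDS = {"111111111111-hrsync.apps.googleusercontent.com"}


def _activity(time, actor, name, params):
    """Build a constructed activity item in the Reports API shape (assumed)."""
    return {"id": {"time": time, "applicationName": "token"},
            "actor": {"email": actor},
            "events": [{"name": name, "parameters": params}]}


# Constructed sample log: one unknown app with directory scopes (should be
# flagged), one allowlisted app with the same scopes, one calendar-only grant,
# and one revoke event (not a consent grant).
SAMPLE_ACTIVITIES = [
    _activity("2022-09-25T10:15:00Z", "alice@example.com", "authorize", [
        {"name": "client_id", "value": "999999999999-dirviewer.apps.googleusercontent.com"},
        {"name": "app_name", "value": "Org Directory Viewer"},
        {"name": "scope", "multiValue": ["openid", DIR_USER, CI_GROUPS]}]),
    _activity("2022-09-25T10:20:00Z", "bob@example.com", "authorize", [
        {"name": "client_id", "value": "111111111111-hrsync.apps.googleusercontent.com"},
        {"name": "app_name", "value": "HR Sync"},
        {"name": "scope", "multiValue": [DIR_USER]}]),
    _activity("2022-09-25T10:25:00Z", "carol@example.com", "authorize", [
        {"name": "client_id", "value": "888888888888-cal.apps.googleusercontent.com"},
        {"name": "app_name", "value": "Calendar Helper"},
        {"name": "scope", "value": "https://www.googleapis.com/auth/calendar.readonly"}]),
    _activity("2022-09-25T10:30:00Z", "alice@example.com", "revoke", [
        {"name": "client_id", "value": "999999999999-dirviewer.apps.googleusercontent.com"}]),
]


def flatten_parameters(parameters):
    """Convert the name/value parameter list into a dict. Multi-valued
    parameters become lists; scalar ones keep their single value."""
    out = {}
    for p in parameters:
        if "multiValue" in p:
            out[p["name"]] = list(p["multiValue"])
        else:
            out[p["name"]] = p.get("value", p.get("boolValue", p.get("intValue")))
    return out


def find_risky_grants(activities, allowlist=ALLOWLISTED_CLIENT_IDS):
    """Return one finding per `authorize` event whose granted scopes intersect
    DIRECTORY_SCOPES and whose client ID is not on the allowlist."""
    findings = []
    for activity in activities:
        actor = activity.get("actor", {}).get("email", "<unknown>")
        for event in activity.get("events", []):
            if event.get("name") != "authorize":
                continue
            params = flatten_parameters(event.get("parameters", []))
            client_id = params.get("client_id", "")
            if client_id in allowlist:
                continue
            scopes = params.get("scope") or []
            if isinstance(scopes, str):  # a single scope exported as a scalar
                scopes = [scopes]
            risky = sorted(set(scopes) & DIRECTORY_SCOPES)
            if risky:
                findings.append({
                    "time": activity.get("id", {}).get("time"),
                    "actor": actor,
                    "client_id": client_id,
                    "app_name": params.get("app_name", "<unnamed>"),
                    "scopes": risky,
                })
    return findings


def main(argv):
    # Pass a path to exported activity items (a JSON array) or run on the sample.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            activities = json.load(fh)
    else:
        activities = SAMPLE_ACTIVITIES
    for f in find_risky_grants(activities):
        print(f"{f['time']} {f['actor']} granted {f['app_name']} "
              f"({f['client_id']}): {', '.join(f['scopes'])}")


if __name__ == "__main__":
    main(sys.argv)
```

Run without arguments to see the one constructed finding (alice consenting to the unknown “Org Directory Viewer” app), or pass a file of exported activity items. A finding is a trigger to revoke the grant and review the client, but the allowlist is the more durable control: the admin console's API controls can block unreviewed third-party apps from restricted scopes, so the user's click on “Allow” no longer yields directory access at all.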