Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Know Your Organization : Mapping Entities in Go...

CyberWarFare Labs
September 25, 2022
Education
0
140

Know Your Organization : Mapping Entities in Google Workspace

c0c0n 2022 PPT

CyberWarFare Labs

September 25, 2022
Tweet

More Decks by CyberWarFare Labs

See All by CyberWarFare Labs
Introduction to Red Teaming in Hybrid Multi-Cloud Environment
cyberwarfarelabs
0
2.5k

Other Decks in Education

See All in Education
A question of time
ange
0
930
Introduction - Lecture 1 - Human-Computer Interaction (1023841ANR)
signer
PRO
0
1.7k
1030
cbtlibrary
0
290
CSS3 and Responsive Web Design - Lecture 5 - Web Technologies (1019888BNR)
signer
PRO
1
2.4k
week13@tcue2024
nonxxxizm
0
550
The Gender Gap in the Technology Field and Efforts to Address It
codeforeveryone
0
150
Adobe Express
matleenalaakso
1
7.4k
Blogit opetuksessa
matleenalaakso
0
1.6k
データハンドリング/data_handling
florets1
2
140
ブームだけで終わらせない、組織内でコーチングを活用する方法/How to Use Coaching in Your Organization Without It Being Just a Fad
yuko_yokouchi
1
280
Qualtricsで相互作用実験する「SMARTRIQS」入門編
kscscr
0
300
小学生にスクラムを試してみた件~中学受検までの100週間の舞台裏~
ukky86
0
320

Featured

See All Featured
Faster Mobile Websites
deanohume
304
30k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
364
22k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
Designing for Performance
lara
604
68k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
328
21k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
167
49k
Building Better People: How to give real-time feedback that sticks.
wjessup
363
19k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
37
1.8k
Teambox: Starting and Learning
jrom
132
8.7k
How to Think Like a Performance Engineer
csswizardry
19
1.1k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
107
49k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
504
140k

Transcript

  1. Know your Organization? Mapping Entities in Google WorkSpace By Manish

    Gupta & Yash Bharadwaj Copyright CyberWarFare R&D Pvt. Ltd.

  2. About us Manish Gupta • Co-Founder & CEO @CyberWarFare Labs

    • Interested in On-Prem & Cloud Offensive Information Security • Presented Research / Training at various International Conferences / Govt. Agencies Yash Bharadwaj • Co-Founder & CTO @CyberWarFare Labs • R&D in On-Prem & Enterprise Security Evasion • Presented Cyber Security Research / Training at various National / International Conferences • Twitter : @flopyash

  3. AGENDA 1. Uber Hack 2. About Google WorkSpace 3. Challenges

    4. Ideas to overcome challenges 5. Working methodology to map entities 6. Integrating with Attack Vectors 7. Extending to GUI support

  4. Uber Hack Case Study

  5. None

  6. Google WorkSpace [Previously G-Suite] • Collection of cloud computing, productivity

    & collaboration products • Large Customer Base of more than 6 Million Users • Used by Fortune 500, MNCs for day to day operations

  7. Challenges Discovery Restricted Mapping Entities Thousands of Entities (Users, Groups)

    in a single workspace account ONLY Accessible to Organization Administrators Tedious tasks to map the User / Group entities for Possible Attack Paths

  8. Ideas to Overcome Challenges Step 3 Lure the target to

    “Allow” the asked permissions with organization email Step 1 Create Application with OAuth Credential Step 2 Define the Scope to “Directory.ReadOnly” & “cloud-identity.groups.ReadOnly” Getting into Organization Google Workspace

  9. Implementation

  10. Generate OAuth Creds Obtain OAuth Creds so attacker app can

    request user’s data App follow OAuth Flow Generated OAuth Creds can be used to obtain “Client Authorization code” Directory Read Permissions Once Authorization Code is obtained, Read from the org directory Profit Use the information for identifying possible attack vectors 11.01.XX

  11. Weaponizing with Illicit Consent Grant Attack

  12. Tool Demonstration Link : https://vimeo.com/751984378

  13. None

  14. ANY QUESTIONS! [email protected] https://github.com/RedTeamOperations/GoogleWorkspaceDirectoryDump • Twitter : @cyberwarfarelab • LinkedIn

    : https://www.linkedin.com/company/cyberwarfare