Google Apps Scripts Kill Chain

Presented at BSidesLV 2017, July 25, 2017, 2 p.m. (25 minutes)

Google Apps Scripts is a JavaScript cloud scripting language that provides easy ways to automate tasks across Google products and third party services and build web applications. However, it also provides relatively easy ways for attackers to automate infiltration, propagation, exfiltration and maintaining access to a compromised G Suit powered organization. While the platform has been used successfully for C&C (Carabank) previously, we feel it only scratched the surface as potential vectors.

Presenters:

• Maor Bin - Research Lead - Proofpoint
  I'm working as a research lead at Proofpoint, as part of the SaaS Protection product. We are researching customers' data in order to identify risks and threats in their cloud environment. We're also researching new and innovative attack vectors, so we would be able to block it when it becomes active. I used to work as a mobile researcher and (reverse eng) for several years.

Links:

• https://bsideslv2017.sched.com/event/BNF1/google-apps-scripts-kill-chain
• https://infocon.org/cons/Security BSides/BSides Las Vegas/Bsides Las Vegas 2017/Google Apps Scripts Kill Chain - Maor Bin.mp4
• https://infocon.org/cons/Security BSides/BSides Las Vegas/Bsides Las Vegas 2017/Google Apps Scripts Kill Chain - Maor Bin.eng.srt (subtitles)
• https://www.youtube.com/watch?v=EKO69sh9P_4

Similar Presentations:

• DEF CON 31 (2023) / GhostToken: Exploiting Google Cloud Platform App Infrastructure to Create Unremovable Trojan Apps
• DEF CON 12 (2004) / Google Hacking
• DeepSec 2017 „Science First!“ / Cloud Of Suspicion: Scaling Up Phishing Campaigns Using Google Apps Scripts