How a Google Cloud Vulnerability Creates a Severe Supply Chain Risk

Presented by

Roi Nisimi, Security Researcher — Coby Penso, Data Scientist — Jason Silberman, Technical Evangelist

About this talk

Bad.Build is a critical vulnerability discovered by the Orca Research Pod in the Google Cloud Build CI/CD service, which enables attackers to gain unauthorized access to code and images in Artifact Registry. The flaw presents a significant supply chain risk since it allows the injection of malicious code into applications, which could then be downloaded and installed by customers and partners.

Learn from our speakers as they deep-dive into the anatomy of Bad.Build and provide practical recommendations on how to fortify your defenses around the use of the Google Cloud Build service.

In this webcast, we’ll cover:

• The steps that led to the Bad.Build discovery
• A live demonstration of the Proof of Concept exploit, which includes Privilege Escalation and Remote Code Execution
• Recommendations on how to reduce exposure to this risk
Orca Security is the industry-leading Cloud Security Platform that identifies, prioritizes, and remediates security risks and compliance issues across your cloud estate spanning AWS, Azure, Google Cloud and Kubernetes.