The GCP Metadata API - Security Considerations, Vulnerabilities, and Remediations

Explore the security implications of the Google Cloud Platform (GCP) Metadata API in this BSidesSF 2020 conference talk. Delve into the differences between AWS and GCP metadata APIs, understanding the additional protections and higher stakes involved in GCP. Learn about attack vectors and defense strategies for the GCP metadata API, as well as the potential risks it poses to organizations. Gain insights into GCP's resource hierarchy, service accounts, and Kubernetes Engine. Witness demonstrations of managed service accounts, role copying, and Cloud Build credentials. Discover recommendations for enhancing security, including the use of StackDriver, event threat detection, and network monitoring. Acquire valuable knowledge to better protect your GCP environment and mitigate potential vulnerabilities associated with the metadata API.