Overview
Explore a critical security presentation from DEF CON 31 that reveals a zero-day vulnerability in Google Cloud Platform affecting all Google users. Learn about the 'GhostToken' exploit that enables malicious applications to become permanently invisible and unremovable from user accounts while maintaining data access. Dive into the OAuth 2.0 standard fundamentals, including consent mechanisms, scoped authorization, and token types for third-party cloud platform applications. Understand Google's transition to mandatory GCP integration for app development and discover the technical details of how the vulnerability allows attackers to manipulate the app deletion state. Gain insights into detection methods for Google Workspace administrators, best practices for organizations implementing third-party access, and proposed solutions for OAuth standard implementation in major cloud providers. While knowledge of GCP and OAuth 2.0 flows is beneficial, the 24-minute talk provides comprehensive coverage of all necessary concepts.
Syllabus
DEF CON 31 - GhostToken Exploiting Google Cloud Platform to Create Unremovable Trojan Apps - Skverer
Taught by
DEFCONConference