gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-04-28 12:03:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Normalize Vertex AI docs to enum/privesc/post-exploitation structure

Browse Source
This commit is contained in:
Carlos Polop
2026-04-07 14:24:55 +02:00
parent f69b96a436
commit 6b2c22a0f3
5 changed files with 15 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/SUMMARY.md
View File

@@ -104,6 +104,7 @@
- [GCP - Pub/Sub Post Exploitation](pentesting-cloud/gcp-security/gcp-post-exploitation/gcp-pub-sub-post-exploitation.md) - [GCP - Pub/Sub Post Exploitation](pentesting-cloud/gcp-security/gcp-post-exploitation/gcp-pub-sub-post-exploitation.md)
- [GCP - Secretmanager Post Exploitation](pentesting-cloud/gcp-security/gcp-post-exploitation/gcp-secretmanager-post-exploitation.md) - [GCP - Secretmanager Post Exploitation](pentesting-cloud/gcp-security/gcp-post-exploitation/gcp-secretmanager-post-exploitation.md)
- [GCP - Security Post Exploitation](pentesting-cloud/gcp-security/gcp-post-exploitation/gcp-security-post-exploitation.md) - [GCP - Security Post Exploitation](pentesting-cloud/gcp-security/gcp-post-exploitation/gcp-security-post-exploitation.md)
- [GCP - Vertex AI Post Exploitation](pentesting-cloud/gcp-security/gcp-post-exploitation/gcp-vertex-ai-post-exploitation.md)
- [GCP - Workflows Post Exploitation](pentesting-cloud/gcp-security/gcp-post-exploitation/gcp-workflows-post-exploitation.md) - [GCP - Workflows Post Exploitation](pentesting-cloud/gcp-security/gcp-post-exploitation/gcp-workflows-post-exploitation.md)
- [GCP - Storage Post Exploitation](pentesting-cloud/gcp-security/gcp-post-exploitation/gcp-storage-post-exploitation.md) - [GCP - Storage Post Exploitation](pentesting-cloud/gcp-security/gcp-post-exploitation/gcp-storage-post-exploitation.md)
- [GCP - Privilege Escalation](pentesting-cloud/gcp-security/gcp-privilege-escalation/README.md) - [GCP - Privilege Escalation](pentesting-cloud/gcp-security/gcp-privilege-escalation/README.md)
@@ -197,7 +198,6 @@
- [GCP - Spanner Enum](pentesting-cloud/gcp-security/gcp-services/gcp-spanner-enum.md) - [GCP - Spanner Enum](pentesting-cloud/gcp-security/gcp-services/gcp-spanner-enum.md)
- [GCP - Stackdriver Enum](pentesting-cloud/gcp-security/gcp-services/gcp-stackdriver-enum.md) - [GCP - Stackdriver Enum](pentesting-cloud/gcp-security/gcp-services/gcp-stackdriver-enum.md)
- [GCP - Storage Enum](pentesting-cloud/gcp-security/gcp-services/gcp-storage-enum.md) - [GCP - Storage Enum](pentesting-cloud/gcp-security/gcp-services/gcp-storage-enum.md)
- [GCP - Vertex AI Agent Engine Abuse](pentesting-cloud/gcp-security/gcp-services/gcp-vertex-ai-agent-engine-abuse.md)
- [GCP - Vertex AI Enum](pentesting-cloud/gcp-security/gcp-services/gcp-vertex-ai-enum.md) - [GCP - Vertex AI Enum](pentesting-cloud/gcp-security/gcp-services/gcp-vertex-ai-enum.md)
- [GCP - Workflows Enum](pentesting-cloud/gcp-security/gcp-services/gcp-workflows-enum.md) - [GCP - Workflows Enum](pentesting-cloud/gcp-security/gcp-services/gcp-workflows-enum.md)
- [GCP <--> Workspace Pivoting](pentesting-cloud/gcp-security/gcp-to-workspace-pivoting/README.md) - [GCP <--> Workspace Pivoting](pentesting-cloud/gcp-security/gcp-to-workspace-pivoting/README.md)

6
src/pentesting-cloud/gcp-security/gcp-services/gcp-vertex-ai-agent-engine-abuse.md → src/pentesting-cloud/gcp-security/gcp-post-exploitation/gcp-vertex-ai-post-exploitation.md
View File

@@ -1,4 +1,4 @@
# GCP - Vertex AI Agent Engine Abuse # GCP - Vertex AI Post Exploitation
{{#include ../../../banners/hacktricks-training.md}} {{#include ../../../banners/hacktricks-training.md}}
@@ -9,7 +9,7 @@ This page focuses on **Vertex AI Agent Engine / Reasoning Engine** workloads tha
For the general Vertex AI overview check: For the general Vertex AI overview check:
{{#ref}} {{#ref}}
gcp-vertex-ai-enum.md ../gcp-services/gcp-vertex-ai-enum.md
{{#endref}} {{#endref}}
For classic Vertex AI privesc paths using custom jobs, models, and endpoints check: For classic Vertex AI privesc paths using custom jobs, models, and endpoints check:
@@ -182,7 +182,7 @@ This is valuable even if write access is blocked because it exposes:
For more Artifact Registry background check: For more Artifact Registry background check:
{{#ref}} {{#ref}}
gcp-artifact-registry-enum.md ../gcp-services/gcp-artifact-registry-enum.md
{{#endref}} {{#endref}}
## Tenant-project pivot: deployment artifact retrieval ## Tenant-project pivot: deployment artifact retrieval

3
src/pentesting-cloud/gcp-security/gcp-privilege-escalation/gcp-iam-privesc.md
View File

@@ -42,7 +42,7 @@ An attacker with the mentioned permissions will be able to **request an access t
For a **resource-driven** variant where attacker-controlled code steals a **managed Vertex AI Agent Engine runtime token** from the metadata service and reuses it as the Vertex AI service agent, check: For a **resource-driven** variant where attacker-controlled code steals a **managed Vertex AI Agent Engine runtime token** from the metadata service and reuses it as the Vertex AI service agent, check:
{{#ref}} {{#ref}}
../gcp-services/gcp-vertex-ai-agent-engine-abuse.md ../gcp-post-exploitation/gcp-vertex-ai-post-exploitation.md
{{#endref}} {{#endref}}
```bash ```bash
@@ -164,4 +164,3 @@ You can find an example on how to create and OpenID token behalf a service accou
{{#include ../../../banners/hacktricks-training.md}} {{#include ../../../banners/hacktricks-training.md}}

4
src/pentesting-cloud/gcp-security/gcp-privilege-escalation/gcp-vertex-ai-privesc.md
View File

@@ -10,10 +10,10 @@ For more information about Vertex AI check:
../gcp-services/gcp-vertex-ai-enum.md ../gcp-services/gcp-vertex-ai-enum.md
{{#endref}} {{#endref}}
For **Agent Engine / Reasoning Engine** abuse using the runtime metadata service, the default Vertex AI service agent, and cross-project pivoting into consumer / producer / tenant resources, check: For **Agent Engine / Reasoning Engine** post-exploitation paths using the runtime metadata service, the default Vertex AI service agent, and cross-project pivoting into consumer / producer / tenant resources, check:
{{#ref}} {{#ref}}
../gcp-services/gcp-vertex-ai-agent-engine-abuse.md ../gcp-post-exploitation/gcp-vertex-ai-post-exploitation.md
{{#endref}} {{#endref}}
### `aiplatform.customJobs.create`, `iam.serviceAccounts.actAs` ### `aiplatform.customJobs.create`, `iam.serviceAccounts.actAs`

10
src/pentesting-cloud/gcp-security/gcp-services/gcp-vertex-ai-enum.md
View File

@@ -14,10 +14,10 @@
### Agent Engine / Reasoning Engine ### Agent Engine / Reasoning Engine
For **Agent Engine / Reasoning Engine** specific enumeration and abuse paths involving **metadata credential theft**, **P4SA abuse**, and **producer/tenant project pivoting**, check: For **Agent Engine / Reasoning Engine** specific enumeration and post-exploitation paths involving **metadata credential theft**, **P4SA abuse**, and **producer/tenant project pivoting**, check:
{{#ref}} {{#ref}}
gcp-vertex-ai-agent-engine-abuse.md ../gcp-post-exploitation/gcp-vertex-ai-post-exploitation.md
{{#endref}} {{#endref}}
### Key Components ### Key Components
@@ -271,6 +271,12 @@ In the following page, you can check how to **abuse Vertex AI permissions to esc
../gcp-privilege-escalation/gcp-vertex-ai-privesc.md ../gcp-privilege-escalation/gcp-vertex-ai-privesc.md
{{#endref}} {{#endref}}
### Post Exploitation
{{#ref}}
../gcp-post-exploitation/gcp-vertex-ai-post-exploitation.md
{{#endref}}
## References ## References
- [https://cloud.google.com/vertex-ai/docs](https://cloud.google.com/vertex-ai/docs) - [https://cloud.google.com/vertex-ai/docs](https://cloud.google.com/vertex-ai/docs)