Announcing the winners of the 2021 GCP VRP Prize


We first introduced the GCP VRP Prize in 2019 to encourage security researchers to focus on the security of GCP, in turn helping us make GCP more secure for our users, customers, and the internet at large. Even 3 years into this program, the submissions we're getting never cease to amaze us. After careful evaluation of the submissions, we're excited to announce the 2021 winners:

First Prize, $133,337: Sebastian Lutz for the report and write-up Bypassing Identity-Aware Proxy. Sebastian's excellent write-up outlines how he found a bug in Identity-Aware Proxy (IAP) which an attacker could have exploited to gain access to a user's IAP-protected resources by making them visit an attacker-controlled URL and stealing their IAP auth token.

Second Prize, $73,331: Imre Rad for the report and write-up GCE VM takeover via DHCP flood. The flaw described in the write-up would have allowed an attacker to gain access to a Google Compute Engine VM by sending malicious DHCP packets to the VM and impersonating the GCE metadata server.

Third Prize, $73,331: Mike Brancato for the report and write-up Remote Code Execution in Google Cloud Dataflow. Mike's write-up describes how he discovered that Dataflow nodes were exposing an unauthenticated Java JMX port and how an attacker could have exploited this to run arbitrary commands on the VM under some configurations.

Fourth Prize, $31,337: Imre Rad for the write-up The Speckle Umbrella story — part 2, which details multiple vulnerabilities that Imre found in Cloud SQL.

(Remember, you can make multiple submissions for the GCP VRP Prize and be eligible for more than one prize!)

Fifth Prize, $1,001: Anthony Weems for the report and write-up Remote code execution in Managed Anthos Service Mesh control plane. Anthony found a bug in Managed Anthos Service Mesh and came up with a clever exploit to execute arbitrary commands authenticated as a Google-managed per-project service account.

Sixth Prize, $1,000: Ademar Nowasky Junior for the report and write-up Command Injection in Google Cloud Shell. Ademar found a way to bypass some of the validation checks done by Cloud Shell. This may have allowed an attacker to run arbitrary commands in a user's Cloud Shell session by making them visit a maliciously crafted link.

Congratulations to all of the winners!

Here is a video with more details about each of the winning submissions:


New Details About 2022 GCP VRP

We will pay out a total of $313,337 to the top seven submissions in the 2022 edition of the GCP VRP Prize. Individual prize amounts will be as follows:

  • 1st prize: $133,337
  • 2nd prize: $73,331
  • 3rd prize: $31,337
  • 4th prize: $31,311
  • 5th prize: $17,311
  • 6th prize: $13,373
  • 7th prize: $13,337

If you are a security researcher, here is how you can enter the competition for the GCP VRP Prize 2022:

  • Find a vulnerability in a GCP product (check out Google Cloud Free Program to get started).
  • Report it to bughunters.google.com. Your bug needs to be awarded a financial reward to be eligible for the GCP VRP Prize (the GCP VRP Prize money will be in addition to what you received for your bug!).
  • Create a public write-up describing your vulnerability report. One of the goals behind the GCP VRP Prize is to promote open research into cloud security.
  • Submit it here.

Make sure to submit your VRP reports and write-ups before January 15, 2023 at 23:59 PT. VRP reports which were submitted in previous years but fixed only in 2022 are also eligible. You can check out the official rules for the prize here. Good luck!
