GWS - Workspace Pentesting
Entry Points
Google Platforms and OAuth Apps Phishing
Check how different Google platforms such as Drive, Chat, Groups... can be used to send the victim a phishing link, and how to perform Google OAuth phishing, in:
GWS - Google Platforms Phishing
Password Spraying
In order to test passwords against all the emails you found (or that you generated from an email naming pattern you discovered) you could use a tool like https://github.com/ustayready/CredKing (although it looks unmaintained), which runs the attempts from AWS Lambda functions so that the source IP address keeps changing. Keep in mind that Google does not lock an account after a fixed number of failures the way a classic directory does: repeated failures from one source quickly lead to CAPTCHAs, sign-in challenges and rate limiting, which is why rotating source IPs and trying one password per round across all accounts (with a pause between rounds) matters more than raw speed.
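The part of a spray that the tool choice does not change is the bookkeeping: building address candidates from the naming pattern and ordering attempts one password per round across every account, dropping any account that starts returning a challenge. The following is an added example of that logic (not from the original page or from CredKing); `EMPLOYEES`, `PATTERNS`, `DOMAIN` are constructed sample input, and `try_login` is a callback you supply (the actual login attempt against Google is not implemented here).

```python
"""Password-spray scheduler: candidate generation plus one-password-per-round ordering."""
import time
from typing import Callable, List, Optional, Set, Tuple

# Constructed sample input: names gathered from OSINT and the naming patterns to test.
EMPLOYEES = [("Alice", "Smith"), ("Bob", "Jones"), ("Carol", "Ng")]
PATTERNS = ["{f}{last}", "{first}.{last}", "{first}"]  # f = first initial
DOMAIN = "example.com"


def generate_candidates(names, patterns, domain) -> List[str]:
    """Expand every (first, last) pair through every pattern, de-duplicated, order kept."""
    out: List[str] = []
    for first, last in names:
        for pattern in patterns:
            local = pattern.format(f=first[0], first=first, last=last).lower()
            addr = f"{local}@{domain}"
            if addr not in out:
                out.append(addr)
    return out


def spray(users: List[str], passwords: List[str],
          try_login: Callable[[str, str], Optional[bool]],
          round_delay_s: float = 0.0,
          sleep: Callable[[float], None] = time.sleep) -> Tuple[List[Tuple[str, str]], Set[str]]:
    """Try one password across all users, pause, then move to the next password.

    try_login(user, password) returns True on success, False on a plain failure and
    None when the target answered with a CAPTCHA/challenge, in which case that user
    is skipped for the rest of the run so the source does not get burned further.
    """
    hits: List[Tuple[str, str]] = []
    blocked: Set[str] = set()
    for i, pw in enumerate(passwords):
        if i and round_delay_s:          # pause between rounds, not before the first one
            sleep(round_delay_s)
        for user in users:
            if user in blocked:
                continue
            result = try_login(user, pw)
            if result is None:
                blocked.add(user)
            elif result:
                hits.append((user, pw))
    return hits, blocked
```

`spray` is deliberately agnostic about transport: plug in whatever performs the attempt (a browser automation, CredKing-style Lambda workers) and map its three outcomes onto True/False/None.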
Post-Exploitation
If you have compromised some credentials or the session of the user you can perform several actions to access potentially sensitive information of the user and to try to escalate privileges:
GWS - Post Exploitation
GWS <--> GCP Pivoting
GCP <--> Workspace Pivoting
Persistence
If you have compromised some credentials or the session of the user check these options to maintain persistence over it:
GWS - Persistence
Compromised Account Recovery
Log out of all sessions
Change user password
Generate new 2FA backup codes
Remove App passwords
Remove OAuth apps
Remove 2FA devices
Remove email forwarders
Remove email filters
Remove recovery email/phones
Remove malicious synced smartphones
Remove malicious Android apps
Remove malicious account (mailbox) delegations
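Most of the checklist above can be driven from the Admin SDK Directory API and the Gmail API instead of clicking through the console. The following is an added example (not from the original page) that first inventories what the attacker left behind and then builds the ordered list of API calls that undo it; `LISTS`, `inventory`, `plan_recovery` and `execute` are names chosen here, the sample JSON in the test is constructed, and the bearer token is assumed to carry the Directory admin scopes plus, for the Gmail settings calls, domain-wide delegation impersonating the user. Removing 2FA security keys and uninstalling Android apps are not covered by it and stay in the Admin console.

```python
"""Compromised-account recovery against the Admin SDK Directory API and the Gmail API."""
import json
import secrets
import urllib.request

DIR = "https://admin.googleapis.com/admin/directory/v1"
GMAIL = "https://gmail.googleapis.com/gmail/v1/users"

# Where each kind of attacker artefact is listed: (url template, JSON array key, id field).
LISTS = {
    "asp_ids": ("{d}/users/{u}/asps", "items", "codeId"),
    "token_client_ids": ("{d}/users/{u}/tokens", "items", "clientId"),
    "forwarders": ("{g}/{u}/settings/forwardingAddresses", "forwardingAddresses", "forwardingEmail"),
    "filter_ids": ("{g}/{u}/settings/filters", "filter", "id"),
    "delegates": ("{g}/{u}/settings/delegates", "delegates", "delegateEmail"),
    "device_ids": ("{d}/customer/{c}/devices/mobile?query=email:{u}", "mobiledevices", "resourceId"),
}


def http_json(method, url, token, body=None):
    """Minimal JSON round trip with a bearer token (no googleapiclient dependency)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}


def inventory(user, customer_id, token, fetch=http_json):
    """Collect the ids of everything the checklist says to remove."""
    inv = {}
    for name, (tmpl, key, field) in LISTS.items():
        url = tmpl.format(d=DIR, g=GMAIL, u=user, c=customer_id)
        inv[name] = [item[field] for item in fetch("GET", url, token).get(key, [])]
    return inv


def plan_recovery(user, customer_id, inv):
    """Return the ordered (method, url, body) calls; review it before execute()."""
    u = f"{DIR}/users/{user}"
    g = f"{GMAIL}/{user}/settings"
    plan = [
        # Kill every session first, then set a password the attacker does not know.
        ("POST", f"{u}/signOut", None),
        ("PATCH", u, {"password": secrets.token_urlsafe(24), "changePasswordAtNextLogin": True}),
        # Old backup codes may be in the attacker's hands: invalidate and regenerate.
        ("POST", f"{u}/verificationCodes/invalidate", None),
        ("POST", f"{u}/verificationCodes/generate", None),
    ]
    # App passwords bypass 2FA; OAuth grants survive a password change: revoke both.
    plan += [("DELETE", f"{u}/asps/{asp}", None) for asp in inv.get("asp_ids", [])]
    plan += [("DELETE", f"{u}/tokens/{cid}", None) for cid in inv.get("token_client_ids", [])]
    # Recovery email/phone are takeover channels: clear them (the user re-adds their own).
    plan.append(("PATCH", u, {"recoveryEmail": "", "recoveryPhone": ""}))
    # Gmail exfiltration paths: auto-forwarding, forwarding addresses, filters, delegates.
    plan.append(("PUT", f"{g}/autoForwarding", {"enabled": False}))
    plan += [("DELETE", f"{g}/forwardingAddresses/{f}", None) for f in inv.get("forwarders", [])]
    plan += [("DELETE", f"{g}/filters/{fid}", None) for fid in inv.get("filter_ids", [])]
    plan += [("DELETE", f"{g}/delegates/{d}", None) for d in inv.get("delegates", [])]
    # Synced phones: wipe the corporate account from each device.
    plan += [("POST", f"{DIR}/customer/{customer_id}/devices/mobile/{dev}/action",
              {"action": "admin_account_wipe"}) for dev in inv.get("device_ids", [])]
    return plan


def execute(plan, token, send=http_json):
    """Run the plan in order; returns each call's JSON response."""
    return [send(method, url, token, body) for method, url, body in plan]
```

The new password is in the body of the second entry of the plan; hand it to the user out of band. Run `inventory()` before the reset and again afterwards: an empty second inventory is the check that nothing was missed.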
References
https://www.youtube-nocookie.com/embed/6AsVUS79gLw - Matthew Bryant - Hacking G Suite: The Power of Dark Apps Script Magic
https://www.youtube.com/watch?v=KTVHLolz6cE - Mike Felch and Beau Bullock - OK Google, How do I Red Team GSuite?