What We Discuss with Dylan Ayrey:
CLICK ON THE TIMELINE TO HEAD STRAIGHT TO THE ANSWER TO THE QUESTION:
- 00:00 Podcast Intro
- 02:55 Who is Dylan and how did he reach professional hacker status?
- 04:09 Cloud Security according to Dylan
- 04:51 What is bug bounty and what does it have to do with responsible disclosure?
- 06:35 Responsible disclosure for Google Cloud
- 08:42 What is the metadata API?
- 12:09 What is SSRF?
- 14:45 How have headers impacted browser security?
- 21:44 Google Cloud Service Account and Permissions
- 26:39 GKE Security
- 30:38 IAM permission boundary in GCP
- 32:30 Google Cloud Build Role
- 40:41 What's it like to be on the receiving end of Bug Bounty?
- 45:40 Lateral Movement in Cloud vs On Premise
- 48:57 How exposed is the Google Cloud Network?
- 51:48 Which Cloud is best for Security?
- 54:34 How to get started in Bug Bounty for Google Cloud?
- 56:48 Truffle Hog
- 58:40 Fun Questions
THANKS, Dylan Ayrey!
If you enjoyed this session with Dylan Ayrey, let him know by clicking on the link below and sending him a quick shout-out on Twitter:
Click here to thank Dylan Ayrey on Twitter!
Click here to let Ashish know about your number one takeaway from this episode!
And if you want us to answer your questions on one of our upcoming weekly Feedback Friday episodes, drop us a line at ashish@kaizenteq.com.
Resources from This Episode:
- Tools & services discussed during the interview