What We Discuss with Dylan Ayrey:
CLICK ON THE TIMELINE TO HEAD STRAIGHT TO THE ANSWER TO THE QUESTION:
- 00:00 Podcast Intro
- 02:55 Who is Dylan and how he reached professional hacker status?
- 04:09 Cloud Security according to Dylan
- 04:51 What is big bounty and what does it have to do with responsible disclosure
- 06:35 Responsible disclosure for google cloud
- 08:42 What is metadata API?
- 12:09 What is SSRF?
- 14:45 How headers impacted Browser Security?
- 21:44 Google Cloud Service Account and Permissions
- 26:39 GKE Security
- 30:38 IAM permission boundary in GCP
- 32:30 Google Cloud Build Role
- 40:41 Whats it like to be at the receiving end of Bug Bounty?
- 45:40 Lateral Movement in Cloud vs On Premise
- 48:57 How exposed is the Google Cloud Network?
- 51:48 Which Cloud is best for Security?
- 54:34 How to get started in Bug Bounty for Google Cloud?
- 56:48 Truffle Hog
- 58:40 Fun Questions
THANKS, Dylan Ayrey!
If you enjoyed this session with Dylan Ayrey, let him know by clicking on the link below and sending her a quick shout out at Twitter:
And if you want us to answer your questions on one of our upcoming weekly Feedback Friday episodes, drop us a line at firstname.lastname@example.org.
Resources from This Episode:
- Tools & services, discussed during the Interview