Article by Aloïs THÉVENOT.

Privilege Escalation in Google Cloud Platform

| Permission | Resources |
| --- | --- |
| cloudbuilds.builds.create | Script / Blog Post |
| cloudfunctions.functions.create | Script / Blog Post |
| cloudfunctions.functions.update | Script / Blog Post |
| cloudscheduler.jobs.create | Blog Post |
| composer.environments.get | Blog Post 1, 2 |
| compute.instances.create | Script / Blog Post |
| dataflow.jobs.create | Blog Post 1, 2 |
| dataflow.jobs.update | Blog Post 1, 2 |
| dataproc.clusters.create | Blog Post 1, 2 |
| dataproc.jobs.create | Blog Post 1, 2 |
| dataproc.jobs.update | Blog Post 1, 2 |
| deploymentmanager.deployments.create | Script / Blog Post |
| iam.roles.update | Script / Blog Post |
| iam.serviceAccountKeys.create | Script / Blog Post |
| iam.serviceAccounts.getAccessToken | Script / Blog Post |
| iam.serviceAccounts.implicitDelegation | Script / Blog Post |
| iam.serviceAccounts.signBlob | Script / Blog Post |
| iam.serviceAccounts.signJwt | Script / Blog Post |
| orgpolicy.policy.set | Script / Blog Post |
| run.services.create | Script / Blog Post |
| serviceusage.apiKeys.create | Script / Blog Post |
| serviceusage.apiKeys.list | Script / Blog Post |
| storage.hmacKeys.create | Script / Blog Post |