November 30, 2023 at 11:23AM

■■■■□ Delefriend: A proof-of-concept redteam tool to automatically find and abuse existing GCP service accounts with domain-wide delegation (DWD) on Google Workspace by smartly fuzzing all of the existing JWT combinations that are relevant to the initial GCP identity. A compromised GCP service account key with DWD enabled can be used to perform API calls on all of the identities in the target Workspace domain.

https://github.com/axon-git/DeleFriend

Details: https://www.hunters.security/en/blog/delefriend-a-newly-discovered-design-flaw-in-domain-wide-delegation-could-leave-google-workspace-vulnerable-for-takeover

https://t.me/cKure/13290