catalog logoThe IAM Privilege Catalog

risks / Network discovery

Description

Allows an attacker to inventory network resources. May allow an attacker to focus attacks on specific network locations.

Risk: LOW

This risk may assist in additional attacks, or gain access to confidential data that do not create organizational risk on their own.

Mitigations

  1. Use network filtering
  2. Use network segmentation
  3. Apply zero-trust networking principles

Links

  1. https:/​/​attack.mitre.org/​techniques/​T1046/​

Affected Privileges

An attacker may be able to exploit this risk if they gain any of the following privileges:

Google Cloud Platform

appengine.instances.enableDebug
appengine.instances.get
appengine.instances.list
appengine.operations.get
appengine.operations.list
appengine.versions.get
appengine.versions.list
cloudbuild.workerpools.get
cloudbuild.workerpools.list
cloudfunctions.functions.get
cloudfunctions.functions.list
cloudfunctions.operations.get
cloudfunctions.operations.list
compute.addresses.get
compute.addresses.list
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.firewallPolicies.get
compute.firewallPolicies.list
compute.forwardingRules.get
compute.forwardingRules.list
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalForwardingRules.pscGet
compute.globalNetworkEndpointGroups.get
compute.globalNetworkEndpointGroups.list
compute.healthChecks.get
compute.healthChecks.list
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.instances.create
compute.instances.get
compute.instances.list
compute.instances.osAdminLogin
compute.instances.osLogin
compute.interconnects.get
compute.interconnects.list
compute.interconnectsAttachments.get
compute.interconnectsAttachments.list
compute.networkEndpointGroups.get
compute.networkEndpointGroups.list
compute.networks.get
compute.networks.list
compute.networks.listPeeringRoutes
compute.packetMirrorings.get
compute.packetMirrorings.list
container.clusters.list
container.daemonSets.get
container.daemonSets.getStatus
container.daemonSets.list
container.deployments.get
container.deployments.getStatus
container.deployments.list
container.endpointSlices.get
container.endpointSlices.list
container.endpoints.get
container.endpoints.list
container.ingresses.get
container.ingresses.getStatus
container.ingresses.list
container.jobs.get
container.jobs.getStatus
container.jobs.list
container.nodes.get
container.nodes.getStatus
container.nodes.list
container.pods.get
container.replicaSets.get
container.replicaSets.getStatus
container.replicaSets.list
container.services.get
container.services.getStatus
container.services.list
container.services.updateStatus
container.statefulSets.get
container.statefulSets.getStatus
container.statefulSets.list
dns.changes.get
dns.changes.list
dns.managedZoneOperations.get
dns.managedZoneOperations.list
dns.managedZones.get
dns.managedZones.list
dns.managedZones.update
dns.policies.get
dns.policies.list
dns.projects.get
dns.resourceRecordSets.get
dns.resourceRecordSets.list
© 2023–present P0 Security and contributors to the IAM Privilege Catalog