- Published on
The challenge provides JSON credentials that can be used to authenticate and enumerate Service Accounts. IAM enumeration reveals that the SA has the permission to do service sccount impersonation. Further enumeration reveals a testing Cloud Function which could be invoked by an impersonated service account leading to the flag