GCP - Vertex AI Enumeration

Tip

Learn and practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn and practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn and practice Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Vertex AI

Vertex AI is Google Cloud's unified machine learning platform for building, deploying, and managing AI models at scale. It combines various AI and ML services into a single integrated platform, enabling data scientists and ML engineers to:

  • Train custom models using AutoML or custom training
  • Deploy models to scalable endpoints for predictions
  • Manage the ML lifecycle from experimentation to production
  • Access pre-trained models from Model Garden
  • Monitor and optimize model performance

Key Components

Models

Vertex AI models represent trained machine learning models that can be deployed to endpoints to serve predictions. Models can be:

  • Uploaded from custom containers or model artifacts
  • Created through AutoML training
  • Imported from Model Garden (pre-trained models)
  • Versioned, with multiple versions per model

Each model has metadata that includes its framework, container image URI, artifact location, and serving configuration.

Endpoints

Endpoints are resources that host deployed models and serve online predictions. Key characteristics:

  • Can host multiple deployed models (with traffic splitting)
  • Provide HTTPS endpoints for real-time predictions
  • Support autoscaling based on traffic
  • Can use private or public access
  • Support A/B testing through traffic splitting

Custom Jobs

Custom jobs let you run custom training code using your own containers or Python packages. Features include:

  • Support for distributed training with multiple worker pools
  • Configurable machine types and accelerators (GPUs/TPUs)
  • Service account attachment for accessing other GCP resources
  • Integration with Vertex AI Tensorboard for visualization
  • VPC connectivity options

Hyperparameter Tuning Jobs

These jobs automatically search for optimal hyperparameters by running multiple training trials with different parameter combinations.

Model Garden

Model Garden provides access to:

  • Pre-trained Google models
  • Open-source models (including Hugging Face)
  • Third-party models
  • One-click deployment options

Tensorboards

Tensorboards provide visualization and monitoring for ML experiments, tracking metrics, model graphs, and training progress.

Service Accounts & Permissions

By default, Vertex AI services use the Compute Engine default service account (PROJECT_NUMBER-compute@developer.gserviceaccount.com), which has Editor permissions on the project. However, you can specify custom service accounts when:

  • Creating custom jobs
  • Uploading models
  • Deploying models to endpoints

This service account is used to:

  • Access training data in Cloud Storage
  • Write logs to Cloud Logging
  • Access secrets from Secret Manager
  • Interact with other GCP services

Data Storage

  • Model artifacts are stored in Cloud Storage buckets
  • Training data usually resides in Cloud Storage or BigQuery
  • Container images are stored in Artifact Registry or Container Registry
  • Logs are sent to Cloud Logging
  • Metrics are sent to Cloud Monitoring

Encryption

By default, Vertex AI uses Google-managed encryption keys. You can also configure:

  • Customer-managed encryption keys (CMEK) from Cloud KMS
  • Encryption applies to model artifacts, training data, and endpoints

Networking

Vertex AI resources can be configured for:

  • Public internet access (default)
  • VPC peering for private access
  • Private Service Connect for secure connectivity
  • Shared VPC support

Enumeration

# List models
gcloud ai models list --region=<region>
gcloud ai models describe <model-id> --region=<region>
gcloud ai models list-version <model-id> --region=<region>

# List endpoints
gcloud ai endpoints list --region=<region>
gcloud ai endpoints describe <endpoint-id> --region=<region>
gcloud ai endpoints list --list-model-garden-endpoints-only --region=<region>

# List custom jobs
gcloud ai custom-jobs list --region=<region>
gcloud ai custom-jobs describe <job-id> --region=<region>

# Stream logs from a running job
gcloud ai custom-jobs stream-logs <job-id> --region=<region>

# List hyperparameter tuning jobs
gcloud ai hp-tuning-jobs list --region=<region>
gcloud ai hp-tuning-jobs describe <job-id> --region=<region>

# List model monitoring jobs
gcloud ai model-monitoring-jobs list --region=<region>
gcloud ai model-monitoring-jobs describe <job-id> --region=<region>

# List Tensorboards
gcloud ai tensorboards list --region=<region>
gcloud ai tensorboards describe <tensorboard-id> --region=<region>

# List indexes (for vector search)
gcloud ai indexes list --region=<region>
gcloud ai indexes describe <index-id> --region=<region>

# List index endpoints
gcloud ai index-endpoints list --region=<region>
gcloud ai index-endpoints describe <index-endpoint-id> --region=<region>

# Get operations (long-running operations status)
gcloud ai operations describe <operation-id> --region=<region>

# Test endpoint predictions (if you have access)
gcloud ai endpoints predict <endpoint-id> \
--region=<region> \
--json-request=request.json

# Make direct predictions (newer API)
gcloud ai endpoints direct-predict <endpoint-id> \
--region=<region> \
--json-request=request.json

Model Information Gathering

# Get detailed model information including versions
gcloud ai models describe <model-id> --region=<region>

# Check specific model version
gcloud ai models describe <model-id>@<version> --region=<region>

# List all versions of a model
gcloud ai models list-version <model-id> --region=<region>

# Get model artifact location (usually a GCS bucket)
gcloud ai models describe <model-id> --region=<region> --format="value(artifactUri)"

# Get container image URI
gcloud ai models describe <model-id> --region=<region> --format="value(containerSpec.imageUri)"

Endpoint Details

# Get endpoint details including deployed models
gcloud ai endpoints describe <endpoint-id> --region=<region>

# Get display name of the first deployed model
gcloud ai endpoints describe <endpoint-id> --region=<region> --format="value(deployedModels[0].displayName)"

# Get service account used by endpoint
gcloud ai endpoints describe <endpoint-id> --region=<region> --format="value(deployedModels[0].serviceAccount)"

# Check traffic split between models
gcloud ai endpoints describe <endpoint-id> --region=<region> --format="value(trafficSplit)"

Custom Job Information

# Get job details including command, args, and service account
gcloud ai custom-jobs describe <job-id> --region=<region>

# Get service account used by job (set on jobSpec, not on the worker pool)
gcloud ai custom-jobs describe <job-id> --region=<region> --format="value(jobSpec.serviceAccount)"

# Get container image used
gcloud ai custom-jobs describe <job-id> --region=<region> --format="value(jobSpec.workerPoolSpecs[0].containerSpec.imageUri)"

# Check environment variables (may contain secrets)
gcloud ai custom-jobs describe <job-id> --region=<region> --format="value(jobSpec.workerPoolSpecs[0].containerSpec.env)"

# Get network configuration
gcloud ai custom-jobs describe <job-id> --region=<region> --format="value(jobSpec.network)"
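
The checks above can be run in one pass over the JSON form of a job. This is an added example, not part of the original page: the function name, the secret-name heuristic and the sample job are assumptions, and the sample is constructed in the shape of `gcloud ai custom-jobs describe <job-id> --region=<region> --format=json`.

```python
import json
import re

# Default Compute Engine service account: PROJECT_NUMBER-compute@developer.gserviceaccount.com
DEFAULT_COMPUTE_SA = re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$")
# Heuristic (assumption): env var names that usually hold credentials
SECRET_NAME = re.compile(r"(SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|CREDENTIAL)", re.I)

def audit_custom_job(job):
    """Return a list of findings for one CustomJob resource (JSON output)."""
    findings = []
    spec = job.get("jobSpec", {})
    sa = spec.get("serviceAccount")
    if sa is None:
        findings.append("serviceAccount not set explicitly")
    elif DEFAULT_COMPUTE_SA.match(sa):
        findings.append(f"runs as default Compute Engine service account {sa}")
    if not spec.get("network"):
        findings.append("no VPC network configured")
    if not job.get("encryptionSpec", {}).get("kmsKeyName"):
        findings.append("no CMEK key (Google-managed encryption)")
    for i, pool in enumerate(spec.get("workerPoolSpecs", [])):
        for var in pool.get("containerSpec", {}).get("env", []):
            name = var.get("name", "")
            if SECRET_NAME.search(name):
                # Report the name only; never echo the value into audit output
                findings.append(f"workerPoolSpecs[{i}] env {name} looks like a plaintext secret")
    return findings

# Constructed sample job (not real data)
SAMPLE_JOB = json.loads("""
{
  "displayName": "train-demo",
  "jobSpec": {
    "serviceAccount": "123456789012-compute@developer.gserviceaccount.com",
    "workerPoolSpecs": [
      {"containerSpec": {
         "imageUri": "us-docker.pkg.dev/example-project/train/img:latest",
         "env": [{"name": "EPOCHS", "value": "10"},
                 {"name": "DB_PASSWORD", "value": "constructed-not-real"}]}}
    ]
  }
}
""")

if __name__ == "__main__":
    for finding in audit_custom_job(SAMPLE_JOB):
        print("[!]", finding)
```
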

Access Control

# Note: IAM policies for individual Vertex AI resources are managed at the project level
# Check project-level permissions
gcloud projects get-iam-policy <project-id>

# Check who can use or impersonate the service account (IAM policy on the service account itself)
gcloud iam service-accounts get-iam-policy <service-account-email>

# Check if endpoints allow unauthenticated access
# This is controlled by IAM bindings on the endpoint
gcloud projects get-iam-policy <project-id> \
--flatten="bindings[].members" \
--filter="bindings.role:aiplatform.user"
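
A review of the project policy for Vertex AI access, written as an added example that is not part of the original page. The function name and sample policy are assumptions; the sample is constructed in the shape of `gcloud projects get-iam-policy <project-id> --format=json`, and custom roles are not resolved.

```python
import json
import re

DEFAULT_COMPUTE_SA = re.compile(
    r"^serviceAccount:\d+-compute@developer\.gserviceaccount\.com$")
BROAD_ROLES = {"roles/owner", "roles/editor"}  # basic roles include Vertex AI permissions
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def vertex_ai_access(policy):
    """Return (member -> roles granting Vertex AI access, list of warnings)."""
    access, warnings = {}, []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        # Predefined aiplatform roles and basic roles only; custom roles are skipped
        if not (role.startswith("roles/aiplatform.") or role in BROAD_ROLES):
            continue
        for member in binding.get("members", []):
            access.setdefault(member, []).append(role)
            if member in PUBLIC_MEMBERS:
                warnings.append(f"{role} granted to public principal {member}")
            elif role in BROAD_ROLES and DEFAULT_COMPUTE_SA.match(member):
                warnings.append(f"default Compute Engine service account holds {role}")
    return access, warnings

# Constructed sample policy (not real data)
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/editor",
     "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com"]},
    {"role": "roles/aiplatform.user",
     "members": ["user:analyst@example.com", "group:ml-team@example.com"]},
    {"role": "roles/aiplatform.admin",
     "members": ["user:analyst@example.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["user:auditor@example.com"]}
  ]
}
""")

if __name__ == "__main__":
    access, warnings = vertex_ai_access(SAMPLE_POLICY)
    for member, roles in sorted(access.items()):
        print(member, "->", ", ".join(roles))
    for warning in warnings:
        print("[!]", warning)
```
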

Storage and Artifacts

# Models and training jobs often store artifacts in GCS
# List buckets that might contain model artifacts
gsutil ls

# Common artifact locations:
# gs://<project>-aiplatform-<region>/
# gs://<project>-vertex-ai/
# gs://<custom-bucket>/vertex-ai/

# Download model artifacts if accessible
gsutil -m cp -r gs://<bucket>/path/to/artifacts ./artifacts/

# Check for notebooks in AI Platform Notebooks
gcloud notebooks instances list --location=<location>
gcloud notebooks instances describe <instance-name> --location=<location>

Model Garden

# List Model Garden endpoints
gcloud ai endpoints list --list-model-garden-endpoints-only --region=<region>

# Model Garden models are often deployed with default configurations
# Check for publicly accessible endpoints

Privilege Escalation

On the following page you can check how to abuse Vertex AI permissions to escalate privileges:

GCP - Vertex AI Privesc
