GCP - Vertex AI Enum

Vertex AI

Vertex AI is Google Cloud's unified machine learning platform for building, deploying, and managing AI models at scale. It combines various AI and ML services into a single integrated platform, enabling data scientists and ML engineers to:

  • Train custom models using AutoML or custom training
  • Deploy models to scalable endpoints for predictions
  • Manage the ML lifecycle from experimentation to production
  • Access pre-trained models from Model Garden
  • Monitor and optimize model performance

Key Components

Models

Vertex AI models are representations of trained machine learning models that can be deployed to endpoints for serving predictions. Models can be:

  • Uploaded from custom containers or model artifacts
  • Created through AutoML training
  • Imported from Model Garden (pre-trained models)
  • Versioned, with multiple versions per model

Each model has metadata including its framework, container image URI, artifact location, and serving configuration.

Endpoints

Endpoints are resources that host deployed models and serve online predictions. Key points:

  • Can host multiple deployed models (with traffic splitting)
  • Provide HTTPS endpoints for real-time predictions
  • Support autoscaling based on traffic
  • Can use private or public access
  • Support A/B testing through traffic splitting

Custom Jobs

Custom jobs let you run custom training code using your own containers or Python packages. Features include:

  • Support for distributed training with multiple worker pools
  • Configurable machine types and accelerators (GPUs/TPUs)
  • Service account attachment for accessing other GCP resources
  • Integration with Vertex AI Tensorboard for visualization
  • VPC connectivity options

Hyperparameter Tuning Jobs

These jobs automatically search for the best hyperparameters by running many training trials with different parameter combinations.

Model Garden

Model Garden provides access to:

  • Pre-trained Google models
  • Open-source models (including Hugging Face)
  • Third-party models
  • One-click deployment capability

Tensorboards

Tensorboards provide visualization and monitoring for ML experiments, tracking metrics, model graphs, and training progress.

Service Accounts & Permissions

By default, Vertex AI services use the Compute Engine default service account (PROJECT_NUMBER-compute@developer.gserviceaccount.com), which has Editor permissions on the project. However, you can specify custom service accounts when:

  • Creating custom jobs
  • Uploading models
  • Deploying models to endpoints

This service account is used to:

  • Access training data in Cloud Storage
  • Write logs to Cloud Logging
  • Access secrets from Secret Manager
  • Interact with other GCP services

Data Storage

  • Model artifacts are stored in Cloud Storage buckets
  • Training data usually lives in Cloud Storage or BigQuery
  • Container images are stored in Artifact Registry or Container Registry
  • Logs are sent to Cloud Logging
  • Metrics are sent to Cloud Monitoring

Encryption

By default, Vertex AI uses Google-managed encryption keys. You can also configure:

  • Customer-managed encryption keys (CMEK) from Cloud KMS
  • Encryption applies to model artifacts, training data, and endpoints

Networking

Vertex AI resources can be configured with:

  • Public internet access (default)
  • VPC peering for private access
  • Private Service Connect kwa secure connectivity
  • Shared VPC support

Enumeration

# List models
gcloud ai models list --region=<region>
gcloud ai models describe <model-id> --region=<region>
gcloud ai models list-version <model-id> --region=<region>

# List endpoints
gcloud ai endpoints list --region=<region>
gcloud ai endpoints describe <endpoint-id> --region=<region>
gcloud ai endpoints list --list-model-garden-endpoints-only --region=<region>

# List custom jobs
gcloud ai custom-jobs list --region=<region>
gcloud ai custom-jobs describe <job-id> --region=<region>

# Stream logs from a running job
gcloud ai custom-jobs stream-logs <job-id> --region=<region>

# List hyperparameter tuning jobs
gcloud ai hp-tuning-jobs list --region=<region>
gcloud ai hp-tuning-jobs describe <job-id> --region=<region>

# List model monitoring jobs
gcloud ai model-monitoring-jobs list --region=<region>
gcloud ai model-monitoring-jobs describe <job-id> --region=<region>

# List Tensorboards
gcloud ai tensorboards list --region=<region>
gcloud ai tensorboards describe <tensorboard-id> --region=<region>

# List indexes (for vector search)
gcloud ai indexes list --region=<region>
gcloud ai indexes describe <index-id> --region=<region>

# List index endpoints
gcloud ai index-endpoints list --region=<region>
gcloud ai index-endpoints describe <index-endpoint-id> --region=<region>

# Get operations (long-running operations status)
gcloud ai operations describe <operation-id> --region=<region>

# Test endpoint predictions (if you have access)
gcloud ai endpoints predict <endpoint-id> \
--region=<region> \
--json-request=request.json

# Make direct predictions (newer API)
gcloud ai endpoints direct-predict <endpoint-id> \
--region=<region> \
--json-request=request.json

Model Information Gathering

# Get detailed model information including versions
gcloud ai models describe <model-id> --region=<region>

# Check specific model version
gcloud ai models describe <model-id>@<version> --region=<region>

# List all versions of a model
gcloud ai models list-version <model-id> --region=<region>

# Get model artifact location (usually a GCS bucket)
gcloud ai models describe <model-id> --region=<region> --format="value(artifactUri)"

# Get container image URI
gcloud ai models describe <model-id> --region=<region> --format="value(containerSpec.imageUri)"

Endpoint Details

# Get endpoint details including deployed models
gcloud ai endpoints describe <endpoint-id> --region=<region>

# Get display name of the first deployed model
gcloud ai endpoints describe <endpoint-id> --region=<region> --format="value(deployedModels[0].displayName)"

# Get service account used by endpoint
gcloud ai endpoints describe <endpoint-id> --region=<region> --format="value(deployedModels[0].serviceAccount)"

# Check traffic split between models
gcloud ai endpoints describe <endpoint-id> --region=<region> --format="value(trafficSplit)"

Custom Job Information

# Get job details including command, args, and service account
gcloud ai custom-jobs describe <job-id> --region=<region>

# Get service account used by job (set on the job spec, not per worker pool)
gcloud ai custom-jobs describe <job-id> --region=<region> --format="value(jobSpec.serviceAccount)"

# Get container image used
gcloud ai custom-jobs describe <job-id> --region=<region> --format="value(jobSpec.workerPoolSpecs[0].containerSpec.imageUri)"

# Check environment variables (may contain secrets)
gcloud ai custom-jobs describe <job-id> --region=<region> --format="value(jobSpec.workerPoolSpecs[0].containerSpec.env)"

# Get network configuration
gcloud ai custom-jobs describe <job-id> --region=<region> --format="value(jobSpec.network)"
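
For reviewing your own project, the fields queried above can be checked in bulk. The following is an added example, not part of the original page: it reads the JSON form of the custom job listing and flags jobs that run as the Compute Engine default service account, have no VPC network set, or carry secret-looking environment variable names. The sample data, function names and name patterns are assumptions made for illustration.

```python
import json
import re

# Constructed sample of `gcloud ai custom-jobs list --region=<region> --format=json`.
# Project number, accounts and image names are made up for this example.
SAMPLE_JOBS = json.loads("""
[
  {"name": "projects/111111111111/locations/us-central1/customJobs/1001",
   "jobSpec": {
     "serviceAccount": "111111111111-compute@developer.gserviceaccount.com",
     "workerPoolSpecs": [{"containerSpec": {
        "imageUri": "us-docker.pkg.dev/example-proj/ml/train:latest",
        "env": [{"name": "DB_PASSWORD", "value": "constructed-value"},
                {"name": "EPOCHS", "value": "10"}]}}]}},
  {"name": "projects/111111111111/locations/us-central1/customJobs/1002",
   "jobSpec": {
     "serviceAccount": "vertex-train@example-proj.iam.gserviceaccount.com",
     "network": "projects/111111111111/global/networks/ml-vpc",
     "workerPoolSpecs": [{"containerSpec": {
        "imageUri": "us-docker.pkg.dev/example-proj/ml/train:latest",
        "env": [{"name": "EPOCHS", "value": "5"}]}}]}}
]
""")

DEFAULT_COMPUTE_SA = re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$")
# Hypothetical name patterns; tune them to your own naming conventions.
SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|API_?KEY|CREDENTIAL", re.I)

def audit_custom_job(job):
    """Return a list of finding strings for one CustomJob resource."""
    spec = job.get("jobSpec", {})
    findings = []
    sa = spec.get("serviceAccount", "")
    if not sa:
        findings.append("no custom service account set")
    elif DEFAULT_COMPUTE_SA.match(sa):
        findings.append("runs as Compute Engine default service account")
    if not spec.get("network"):
        findings.append("no VPC network configured")
    for pool in spec.get("workerPoolSpecs", []):
        # Env vars can sit on containerSpec or pythonPackageSpec.
        for key in ("containerSpec", "pythonPackageSpec"):
            for var in pool.get(key, {}).get("env", []):
                if SECRET_NAME.search(var.get("name", "")):
                    # Report the name only; never echo the value.
                    findings.append(f"secret-like env var: {var['name']}")
    return findings

def audit(jobs):
    """Map each job id to its findings (an empty list means nothing flagged)."""
    return {j["name"].rsplit("/", 1)[-1]: audit_custom_job(j) for j in jobs}
```

Values that match should be moved to Secret Manager and referenced from there instead of being passed as plain environment variables.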

Access Control

# Note: IAM policies for individual Vertex AI resources are managed at the project level
# Check project-level permissions
gcloud projects get-iam-policy <project-id>

# Check who can act on the service account (IAM policy set on the service account itself)
gcloud iam service-accounts get-iam-policy <service-account-email>

# Check if endpoints allow unauthenticated access
# This is controlled by IAM bindings on the endpoint
gcloud projects get-iam-policy <project-id> \
--flatten="bindings[].members" \
--filter="bindings.role:aiplatform.user"
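
To review the project policy returned above from a defender's side, the following added example (not part of the original page) parses the JSON output and reports who holds predefined roles/aiplatform.* roles, whether any of those grants go to public principals, and whether the Compute Engine default service account still holds a broad basic role. The sample policy and function name are constructed for illustration; custom roles containing Vertex AI permissions are not detected.

```python
import json
import re

# Constructed sample of `gcloud projects get-iam-policy <project-id> --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/editor",
   "members": ["serviceAccount:111111111111-compute@developer.gserviceaccount.com"]},
  {"role": "roles/aiplatform.user",
   "members": ["user:alice@example.com", "allAuthenticatedUsers"]},
  {"role": "roles/aiplatform.admin",
   "members": ["group:ml-admins@example.com"],
   "condition": {"title": "constructed-condition"}},
  {"role": "roles/storage.objectViewer",
   "members": ["user:bob@example.com"]}
]}
""")

DEFAULT_COMPUTE_SA = re.compile(
    r"^serviceAccount:\d+-compute@developer\.gserviceaccount\.com$")
BROAD_ROLES = {"roles/owner", "roles/editor"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def review_policy(policy):
    """Return (vertex_grants, findings) for a project IAM policy dict.

    vertex_grants: (member, role, is_conditional) for each roles/aiplatform.* grant.
    findings: strings describing grants that deserve a closer look.
    """
    vertex_grants, findings = [], []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        conditional = "condition" in binding
        for member in binding.get("members", []):
            if role.startswith("roles/aiplatform."):
                vertex_grants.append((member, role, conditional))
                if member in PUBLIC_MEMBERS:
                    findings.append(f"{role} granted to {member}")
            if role in BROAD_ROLES and DEFAULT_COMPUTE_SA.match(member):
                findings.append(f"default compute SA holds {role}")
    return vertex_grants, findings
```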

Storage and Artifacts

# Models and training jobs often store artifacts in GCS
# List buckets that might contain model artifacts
gsutil ls

# Common artifact locations:
# gs://<project>-aiplatform-<region>/
# gs://<project>-vertex-ai/
# gs://<custom-bucket>/vertex-ai/

# Download model artifacts if accessible
gsutil -m cp -r gs://<bucket>/path/to/artifacts ./artifacts/

# Check for notebooks in AI Platform Notebooks
gcloud notebooks instances list --location=<location>
gcloud notebooks instances describe <instance-name> --location=<location>

Model Garden

# List Model Garden endpoints
gcloud ai endpoints list --list-model-garden-endpoints-only --region=<region>

# Model Garden models are often deployed with default configurations
# Check for publicly accessible endpoints

Privilege Escalation

On the following page, you can see how to abuse Vertex AI permissions to escalate privileges:

GCP - Vertex AI Privesc
