
Bug Bounty: Exploiting AWS Cloud WebApps with SSRF

Can Hackers Really Steal AWS Accounts This Easily? (SSRF via IMDSv1) | Bug Bounty

This technical deep-dive explores Server-Side Request Forgery (SSRF) vulnerabilities targeting AWS Instance Metadata Service version 1 (IMDSv1), a critical security issue that affects cloud applications worldwide. Through practical demonstration and analysis, we'll examine how this vulnerability works, its potential impact, and effective mitigation strategies.

Try it out yourself:
https://github.com/ethicalPap/IMDSv1_...

----------------------------------------------------------------------------------

Timestamps:
0:46 Instance Metadata Service (IMDS) Explained
2:03 How SSRF is possible with IMDS
2:41 Setting up AWS vulnerable environment with Terraform
5:53 Implementing SSRF Attack
13:29 Destroying the Demo Environment
14:36 How to mitigate this vulnerability
16:35 Outro

----------------------------------------------------------------------------------

Social Links:
GitHub: https://github.com/ethicalPap
LinkedIn: / vankperry
Research Profile: https://orcid.org/0009-0001-5052-6882

Join our community!
Discord: / discord

----------------------------------------------------------------------------------

Website:
https://projectpapsec.com

Business Email:
ethicalpap@gmail.com

----------------------------------------------------------------------------------

Video Editor:
filmzjasper@gmail.com
