“Anatomy of an API Attack: Elastic Injection”

In this episode, we cover the technique of Elastic Stack injection, where attackers inject queries into API calls which are in turn executed in back-end Elastic services. Organizations often implement Elastic Stack as a SIEM or general data storage for applications. These instances of Elastic clusters are sometimes misconfigured or exposed, enabling attackers to manipulate API requests and obtain access to data or functionality for which they’re unauthorized.