Can Hackers Really Steal AWS Accounts This Easily? (SSRF via IMDSv1) | Bug Bounty
This technical deep-dive explores Server-Side Request Forgery (SSRF) vulnerabilities targeting AWS Instance Metadata Service version 1 (IMDSv1), a critical security issue that affects cloud applications worldwide. Through practical demonstration and analysis, we'll examine how this vulnerability works, its potential impact, and effective mitigation strategies.
Try it out yourself:
github.com/ethicalPap/IMDSv1_SSRF_Demo
----------------------------------------------------------------------------------
Timestamps:
0:46 Instance Metadata Service (IMDS) Explained
2:03 How SSRF is possible with IMDS
2:41 Setting up a vulnerable AWS environment with Terraform
5:53 Implementing SSRF Attack
13:29 Destroying the Demo Environment
14:36 How to mitigate this vulnerability
16:35 Outro
----------------------------------------------------------------------------------
Social Links:
GitHub github.com/ethicalPap
LinkedIn www.linkedin.com/in/vankperry/
Research Profile: orcid.org/0009-0001-5052-6882
Join our community!
Discord discord.gg/6Bm6uqh7xP
----------------------------------------------------------------------------------
Website:
projectpapsec.com/
Business Email:
ethicalpap@gmail.com
----------------------------------------------------------------------------------
Video Editor:
filmzjasper@gmail.com