Owning the Cloud Through SSRF

44CON Information Security Conference via YouTube

Overview

Explore the intricacies of Server-Side Request Forgery (SSRF) attacks and their implications in cloud environments in this 31-minute conference talk from 44CON Information Security Conference. Delve into the OWASP definition of SSRF, understand cloud metadata, and examine basic examples and CVE cases. Navigate through SSRF hurdles, including headless browsers and HTML renderers. Discover techniques like simple XSS via wkhtmltopdf and advanced methods for bypassing security measures. Learn about WeasyPrint vulnerabilities and the power of source code analysis. Investigate DNS rebinding and HTTPRebind for enhanced attack vectors. Gain valuable insights into cloud security and SSRF mitigation strategies from security expert Cody Brocious.

Syllabus

Intro
WHO ARE WE
SSRF According to OWASP
What is Cloud Metadata?
Basic Example
CVE Examples
SSRF Hurdles
Headless Browsers
HTML Renderers
Simple XSS- SSRF via wkhtmltopdf
When Simple Fails
XSS via escaping tag
WeasyPrint Makes Hacking (W)easy
Use The Source
Attachments
DNS Rebinding for Fun and Profit
HTTPRebind
Recap
Keep in Touch

Taught by

44CON Information Security Conference
