SSRF PWNs - New Techniques and Stories

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses
Network Security Courses
Operating Systems Courses
Server-Side Request Forgery (SSRF) Courses
Web Application Security Courses
Memcached Courses

Course Description

Overview

Explore advanced Server-Side Request Forgery (SSRF) techniques and real-world exploitation stories in this 48-minute conference talk from the Hack In The Box Security Conference. Delve into new attack vectors, including memcached and PHP FastCGI exploits, and learn how to leverage SSRF for direct socket communication with various applications. Discover expanded protocol usage beyond standard network libraries and gain insights from a comprehensive SSRF cheatsheet. Examine case studies of SSRF-related vulnerabilities in major platforms, with a focus on exploits targeting Yandex, a leading Russian Internet company. Gain valuable knowledge on web application security, network perimeter bypassing, and cutting-edge SSRF attack methodologies from security experts Vladimir Vorontsov and Alexander Golovko.

Syllabus

Introduction
Previous techniques
Simple spoofing attacks
Reflection attack
Reflection attacks
TCP Fast Open
TCP Security Limitations
ARP Version 6
TCP First Open Concept Attack
Link Local Addresses
IP Version 6
Protocols
Which server is most secure
SSL Validator
Main Schema
Yandex bug bounty
Results
Questions


Taught by

Hack In The Box Security Conference

Related Courses

OWASP Top 10 - A10:2021 - Server-Side Request Forgery (SSRF)
Cybrary
Popular Web Attacks - XSS, CSRF, SSRF, SQL Injection, MIME Sniffing, Smuggling and More
Hussein Nasser via YouTube
API-Induced SSRF - How Apple Pay Scattered Vulnerabilities Across the Web
Black Hat via YouTube
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages
Black Hat via YouTube
Piercing the Veil - Server Side Request Forgery Attacks on Internal Networks
Cooper via YouTube