YoVDO

Owning the Cloud Through SSRF

Offered By: 44CON Information Security Conference via YouTube

Tags

44CON Courses Ethical Hacking Courses Server-Side Request Forgery (SSRF) Courses Web Application Security Courses Cloud Security Courses

Course Description

Overview

Explore the intricacies of Server-Side Request Forgery (SSRF) attacks and their implications in cloud environments in this 31-minute conference talk from 44CON Information Security Conference. Delve into the OWASP definition of SSRF, understand cloud metadata, and examine basic examples and CVE cases. Navigate through SSRF hurdles, including headless browsers and HTML renderers. Discover techniques like simple XSS via wkhtmltopdf and advanced methods for bypassing security measures. Learn about WeasyPrint vulnerabilities and the power of source code analysis. Investigate DNS rebinding and HTTPRebind for enhanced attack vectors. Gain valuable insights into cloud security and SSRF mitigation strategies from security expert Cody Brocious.

Syllabus

Intro
WHO ARE WE
SSRF According to OWASP
What is Cloud Metadata?
Basic Example
CVE Examples
SSRF Hurdles
Headless Browsers
HTML Renderers
Simple XSS- SSRF via wkhtmltopdf
When Simple Fails
XSS via escaping tag
WeasyPrint Makes Hacking (W)easy
Use The Source
Attachments
DNS Rebinding for Fun and Profit
HTTPRebind
Recap
Keep in Touch


Taught by

44CON Information Security Conference

Related Courses

OWASP Top 10 - A10:2021 - Server-Side Request Forgery (SSRF)
Cybrary Popular Web Attacks - XSS, CSRF, SSRF, SQL Injection, MIME Sniffing, Smuggling and More
Hussein Nasser via YouTube API-Induced SSRF - How Apple Pay Scattered Vulnerabilities Across the Web
Black Hat via YouTube A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages
Black Hat via YouTube SSRF PWNs - New Techniques and Stories
Hack In The Box Security Conference via YouTube