Owning the Cloud Through SSRF

Offered By: 44CON Information Security Conference via YouTube

Course Description

Overview

Explore the intricacies of Server-Side Request Forgery (SSRF) attacks and their implications in cloud environments in this 31-minute conference talk from 44CON Information Security Conference. Delve into the OWASP definition of SSRF, understand cloud metadata, and examine basic examples and CVE cases. Navigate through SSRF hurdles, including headless browsers and HTML renderers. Discover techniques like simple XSS via wkhtmltopdf and advanced methods for bypassing security measures. Learn about WeasyPrint vulnerabilities and the power of source code analysis. Investigate DNS rebinding and HTTPRebind for enhanced attack vectors. Gain valuable insights into cloud security and SSRF mitigation strategies from security expert Cody Brocious.

Syllabus

Intro
Who Are We
SSRF According to OWASP
What is Cloud Metadata?
Basic Example
CVE Examples
SSRF Hurdles
Headless Browsers
HTML Renderers
Simple XSS- SSRF via wkhtmltopdf
When Simple Fails
XSS via escaping tag
WeasyPrint Makes Hacking (W)easy
Use The Source
Attachments
DNS Rebinding for Fun and Profit
HTTPRebind
Recap
Keep in Touch


Taught by

44CON Information Security Conference
