- Published a short blogpost about how the introduction of #IMDSv2 affects #SSRF attempts on #AWS #EC2 instances, especially when attempting to retrieve #metadata information. https://blog.appsecco.com/server-side-request-forgery-ssrf-and-aws-ec2-instances-after-instance-meta-data-service-version-38fc1ba1a28a … #reInvent2019 #cloudsecurity #owasp cc: @appseccouk
- New blog post on our blog covering the #AWS EC2 Instance Metadata version 2 release. Our blog post will get you up and running in using the version 2 in no time, with information on how to disable in case something breaks. #IMDSv2 #reInvent https://blog.appsecco.com/getting-started-with-version-2-of-aws-ec2-instance-metadata-service-imdsv2-2ad03a1f3650 …
- Published a continuation blogpost on automating migration to AWS EC2 #IMDSv2 using #ansible. https://blog.appsecco.com/automating-migration-to-version-2-of-aws-ec2-instance-metadata-service-imdsv2-in-scale-c0e3e23f15f2 … #reInvent2019 #cloudsecurity #aws cc: @appseccouk
- @awscloud responds to attacks like the one on Cap1 with #IMDSv2. Put request to get an initial token. TTL = 1 to limit the IMDS tokens external reach. This limits mis-conf radius blast. Compromised instance still = compromised IMDS token https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/?utm_content=106034537&utm_medium=social&utm_source=twitter&hss_channel=tw-1184539364 …
- #AWS #IMDSv2 can bulletproof your server against SSRF – Here’s the recipe: #AWSreinvent2019 #cybersecurity #cyber #automation #orchestration #cybertraining #infosec #endpoints #vulnerability https://buff.ly/2sNL9Rs pic.twitter.com/Pn3lI2ncIc
- Our latest blogpost describes the new version of Instance Metadata for #AWS #EC2 which requires you to authenticate & use token to make further requests. Fixes all vanilla #SSRF where only destination can be controlled https://blog.appsecco.com/getting-started-with-version-2-of-aws-ec2-instance-metadata-service-imdsv2-2ad03a1f3650 … #IMDSv2 #reInvent #reInvent2019
- We checked for X-HTTP-Method-Override support on #AWS #EC2 #IMDSv2 and looks like it is not supported by the instance #metadata endpoint. https://blog.appsecco.com/aws-ec2-imdsv2-versus-an-esoteric-http-method-8bc1b9616ae8 … #owasp #appsec #bugbountytips https://twitter.com/coffeetocode/status/1211449115629871106 …
- https://aws-blog.de/2020/01/three-hurdles-to-skip-before-using-the-secure-instance-metadata-service-v2.html … Three hurdles to skip before using the secure Instance Metadata Service V2: You may think you can use Instance Metadata Service V2 right away, but there are a few caveats - Here you can read how to make everything work. #security #aws #cdk #imdsv2 pic.twitter.com/09KsRfmjF7