The document discusses an SSRF attack on Amazon EC2 Instance Metadata Service (IMDS) version 1. It describes how IMDSv1 could be accessed from outside the instance by exploiting vulnerabilities in a web application firewall (WAF). The attack allowed accessing credentials of an IAM role that had permissions to an S3 bucket storing personal information. To mitigate such risks, Amazon introduced IMDSv2, which the document then explains can still be bypassed using techniques like the Gopher protocol. It concludes by emphasizing the need for organizations to strengthen defenses against SSRF attacks.
2019/10/16
初心者向けCTFのWeb分野の強化法
CTFのweb分野を勉強しているものの本番でなかなか解けないと悩んでいないでしょうか?そんな悩みを持った方を対象に、私の経験からweb分野の強化法を解説します。
How to strengthen the CTF Web field for beginners !!
Although you are studying the CTF web field, are you worried that you can't solve it in production?
For those who have such problems, I will explain how to strengthen the web field based on my experience.
(study group) https://yahoo-osaka.connpass.com/event/149524/
The document discusses an SSRF attack on Amazon EC2 Instance Metadata Service (IMDS) version 1. It describes how IMDSv1 could be accessed from outside the instance by exploiting vulnerabilities in a web application firewall (WAF). The attack allowed accessing credentials of an IAM role that had permissions to an S3 bucket storing personal information. To mitigate such risks, Amazon introduced IMDSv2, which the document then explains can still be bypassed using techniques like the Gopher protocol. It concludes by emphasizing the need for organizations to strengthen defenses against SSRF attacks.
2019/10/16
初心者向けCTFのWeb分野の強化法
CTFのweb分野を勉強しているものの本番でなかなか解けないと悩んでいないでしょうか?そんな悩みを持った方を対象に、私の経験からweb分野の強化法を解説します。
How to strengthen the CTF Web field for beginners !!
Although you are studying the CTF web field, are you worried that you can't solve it in production?
For those who have such problems, I will explain how to strengthen the web field based on my experience.
(study group) https://yahoo-osaka.connpass.com/event/149524/
This document summarizes a microservices meetup hosted by @mosa_siru. Key points include:
1. @mosa_siru is an engineer at DeNA and CTO of Gunosy.
2. The meetup covered Gunosy's architecture with over 45 GitHub repositories, 30 stacks, 10 Go APIs, and 10 Python batch processes using AWS services like Kinesis, Lambda, SQS and API Gateway.
3. Challenges discussed were managing 30 microservices, ensuring API latency below 50ms across availability zones, and handling 10 requests per second with nginx load balancing across 20 servers.
This document summarizes a microservices meetup hosted by @mosa_siru. Key points include:
1. @mosa_siru is an engineer at DeNA and CTO of Gunosy.
2. The meetup covered Gunosy's architecture with over 45 GitHub repositories, 30 stacks, 10 Go APIs, and 10 Python batch processes using AWS services like Kinesis, Lambda, SQS and API Gateway.
3. Challenges discussed were managing 30 microservices, ensuring API latency below 50ms across availability zones, and handling 10 requests per second with nginx load balancing across 20 servers.
Survey and Analysis of ICS Vulnerabilities (Japanese)Digital Bond
Masaki Kubo of JPCERT provides some statistical analysis of the ICS vulnerabilities. He also looks at the coding errors that caused the vulnerabilities and takes an indepth look at recent Yokogawa vulnerabilities.
36. 速報: EC2にてSSRF多層防御が実装された
What’s new in IMDSv2
With IMDSv2, every request is now protected by session authentication. A session
begins and ends a series of requests that software running on an EC2 instance uses to
access the locally-stored EC2 instance metadata and credentials. The software starts a
session with a simple HTTP PUT request to IMDSv2. IMDSv2 returns a secret token to
the software running on the EC2 instance, which will use the token as a password to
make requests to IMDSv2 for metadata and credentials. Unlike traditional passwords,
you don’t need to worry about getting the token to the software, because the
software gets it for itself with the PUT request. The token is never stored by IMDSv2
and can never be retrieved by subsequent calls, so a session and its token are
effectively destroyed when the process using the token terminates. There’s no limit
on the number of requests within a single session, and there’s no limit on the number
of IMDSv2 sessions. Sessions can last up to six hours and, for added security, a
session token can only be used directly from the EC2 instance where that session
began.
36
https://aws.amazon.com/jp/blogs/security/defense-in-depth-open-firewalls-reverse-
proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/