You see this SSRF attack yeah?
Big companies with strong engineering teams like Capital One, GitHub, Microsoft, Alibaba, and others, have all suffered from it in the past.
Once an attacker successfully exploits SSRF, they can pivot from the application into the underlying infrastructure, using credentials (keys, tokens, metadata secrets, etc.) that the server is tricked into returning.
From there, cloud-level access becomes possible, depending on the permissions of the exposed credentials. If your environment is poorly isolated, this can escalate into full infrastructure compromise.
This is how real incidents happen, and in worst-case scenarios, companies end up dealing with ransom demands or catastrophic data and infra loss, like what happened to Code Spaces.
I gave a talk on this vulnerability about 2 months ago at APIsec|CON (I’ll attach the video in the replies), & I’ve also decided to show how attackers exploit SSRF in this video for anyone willing to learn.
You can see how I tricked the server into making a request to its internal resource, saving the response in a static folder and serving me these cloud config data.
As a parent, I think this video has taught me something useful.
I recommend that you should try it on your kids, too.
I have also shared it with my wife.
Credit: joe_drummer_boy on IG.
There’s a protocol that has worked for me and my students.
And also helped @PrincewiIIChuka land foreign client.
But 99% of people will not like it or have the balls to implement it.
To the 1% however here’s exactly how to land foreign clients as a Nigerian based here:
If your degree didn’t give you a clear professional identity, go write CIS.
You’ll thank your future self for it.
And yes, you should come back to say thank you too. 😉