Elevate Your SSRF Game - Weaponizing Internal DNS Records to Expose Hidden Endpoints
Security BSides London via YouTube
2,000+ Free Courses with Certificates: Coding, AI, SQL, and More
Master Production-Ready Machine Learning, Step by Step
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Learn how to exploit Server-Side Request Forgery (SSRF) vulnerabilities in modern web architectures through an innovative SSRF² technique presented in this 32-minute Security BSides London conference talk. Discover how to challenge trust boundaries by leveraging the same SSRF primitive twice across different security contexts, transforming restricted blind SSRF vulnerabilities into critical security breaches. Explore real-world examples demonstrating how this powerful technique can bypass sophisticated defense mechanisms and entire security stacks designed to prevent internal access, all without requiring complex chains or extensive reconnaissance.
Syllabus
Elevate Your SSRF Game: Weaponize Internal DNS Records To Expose Hidden Endpoints - Guy Arazi
Taught by
Security BSides London