Библиотека хакера | Hacking, Infosec, information security | Telegram Webview: hackproglib/4296
🔍 How to simulate an attack on an API that chains SSRF → metadata API → RCE
In modern cloud environments, APIs are a popular target for SSRF attacks. An attacker can reach the metadata endpoint (AWS/GCP/Azure), obtain temporary tokens, and execute remote code.
Prompt:
Simulate a detailed attack chain exploiting a web API via SSRF to access the cloud metadata service (AWS/GCP/Azure), steal credentials, escalate privileges, and execute remote code. Include:
– Detailed API misconfiguration (e.g., no IP filtering, open redirect)
– SSRF payload examples for AWS IMDSv1/IMDSv2 bypass
– Token theft and how to abuse IAM roles
– Demonstration of RCE (e.g., launching a malicious container)
– Full mitigation plan: input validation, network segmentation, metadata protection
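The "input validation" item in the mitigation plan, and the "no IP filtering, open redirect" misconfiguration it answers, can be illustrated with a destination check for server-side fetches. This is an added example, not part of the original post; the hostnames, the `SAMPLE_DNS` table and the function names are hypothetical and constructed so the code runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS answers so the example runs offline; all hostnames are
# hypothetical. Production code would resolve with socket.getaddrinfo().
SAMPLE_DNS = {
    "images.example.com": ["93.184.216.34"],
    "internal-alias.example.org": ["169.254.169.254"],
}

def resolve(host, dns):
    """Return the IP addresses a host maps to (literal IPs map to themselves)."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        return [ipaddress.ip_address(a) for a in dns.get(host, [])]

def is_public(ip):
    """True only for globally routable unicast addresses."""
    mapped = getattr(ip, "ipv4_mapped", None)  # unwrap ::ffff:a.b.c.d
    if mapped is not None:
        ip = mapped
    return ip.is_global and not ip.is_multicast

def check_url(url, dns=SAMPLE_DNS):
    """Decide whether a user-supplied URL may be fetched server-side."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False, "scheme or host not allowed"
    addrs = resolve(parts.hostname, dns)
    if not addrs:
        return False, "host does not resolve"
    for ip in addrs:
        if not is_public(ip):
            return False, f"non-public address {ip}"
    return True, "ok"

def check_chain(urls, dns=SAMPLE_DNS):
    """Apply check_url to the requested URL and to every redirect target."""
    for hop, url in enumerate(urls):
        ok, reason = check_url(url, dns)
        if not ok:
            return False, f"hop {hop}: {reason}"
    return True, "ok"
```

The check only holds if the HTTP client connects to the address that was validated and follows redirects manually, passing each `Location` value back through `check_url`.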