Owning the Cloud Through SSRF and PDF Generators

Presented at THOTCON 0xB (2021) Rescheduled, Oct. 9, 2021, 3 p.m. (50 minutes)

With so many apps running in the cloud, hacking these instances becomes easier with a simple vulnerability caused by unsanitized user input. In this talk, we'll discuss a number of different methods that helped us exfil data from different applications using Server-Side Request Forgery (SSRF). Using these methods, we were able to hack some of the major transportation, hospitality, and social media companies and make $50,000 in rewards in 3 months.


Presenters:

  • Ben Sadeghipour / NahamSec as Ben Sadeghipour
    Ben is the Head of Hacker Education at HackerOne by day, and a hacker by night.
