Could your AWS cloud be secretly exposed? Hackers are exploiting SSRF to snag sensitive metadata, but upgrading to IMDSv2 might just turn the tables. Check out why tightening up this single layer could mean the difference between breach and safety.

https://thedefendopsdiaries.com/securing-aws-cloud-environments-against-ssrf-vulnerabilities/

#ssrf
#awssecurity
#cloudsecurity
#ec2
#imdsv2

Securing AWS Cloud Environments Against SSRF Vulnerabilities

Learn how to secure AWS environments against SSRF vulnerabilities and protect sensitive data with effective mitigation strategies.

The DefendOps Diaries
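🌗 Amazon EC2 strengthens defense in depth with IMDSv2 by default
➤ AWS announces that new Amazon EC2 instances will use IMDSv2 by default to strengthen defenses
https://www.infoq.com/news/2023/11/aws-ec2-IMDSv2/
AWS recently announced that new Amazon EC2 instance types will support only version 2 of the EC2 Instance Metadata Service (IMDS), to improve defense against open firewalls, reverse proxies, and SSRF vulnerabilities. This change will become the default setting in mid-2024. IMDSv2 requires using an HTTP PUT request to create a secret token, and then using that token to query metadata. AWS provides a variety of tools to help with the transition to IMDSv2.
+ This change is very important for improving security and is good news for users of Amazon EC2.
+ The tools AWS provides can help users transition smoothly to IMDSv2, which is helpful for improving security and reducing risk.
#Amazon EC2 #IMDSv2 #DefenseHardening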
Amazon EC2 Enhances Defense in Depth with Default IMDSv2

To improve defense against open firewalls, reverse proxies, and SSRF vulnerabilities, AWS has recently announced that new Amazon EC2 instance types will support only version 2 of the EC2 Instance Metadata Service (IMDSv2). For transition support, customers will still be able to enable IMDSv1.

InfoQ
This is great to spot those #ssrf. It allows you to identify processes making #IMDSv1 calls with cool #eBPF magic
Super handy for instances that can't move to #IMDSv2
https://github.com/aws/aws-imds-packet-analyzer
#aws
#sectoot
GitHub - aws/aws-imds-packet-analyzer

Contribute to aws/aws-imds-packet-analyzer development by creating an account on GitHub.

GitHub
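The posts above turn on one distinction: an IMDSv2 call carries a session token first obtained with an HTTP PUT, while an IMDSv1 call is a bare GET. The sketch below is an added example, not code from aws-imds-packet-analyzer or the linked articles; it classifies captured requests on that basis, and the process labels, sample requests and function names are constructed for illustration.

```python
IMDS_HOST = "169.254.169.254"
TOKEN_HEADER = "x-aws-ec2-metadata-token"
TTL_HEADER = "x-aws-ec2-metadata-token-ttl-seconds"

def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, path, lower-cased headers)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers

def classify(raw):
    """Label one request by the IMDS version it speaks."""
    method, path, headers = parse_request(raw)
    if headers.get("host") != IMDS_HOST:
        return "not-imds"
    if method == "PUT" and path == "/latest/api/token" and TTL_HEADER in headers:
        return "imdsv2-token-request"   # step 1: create the session token
    if method == "GET" and headers.get(TOKEN_HEADER):
        return "imdsv2"                 # step 2: query metadata with the token
    if method == "GET":
        return "imdsv1"                 # no token: legacy call worth flagging
    return "other"

def imdsv1_callers(samples):
    """Return the labels of processes that made at least one IMDSv1 call."""
    seen = []
    for process, raw in samples:
        if classify(raw) == "imdsv1" and process not in seen:
            seen.append(process)
    return seen

# Constructed sample capture: (process label, raw request). Not real traffic.
SAMPLES = [
    ("pid 812 legacy-agent",
     "GET /latest/meta-data/instance-id HTTP/1.1\r\nHost: 169.254.169.254\r\n\r\n"),
    ("pid 940 sdk-app",
     "PUT /latest/api/token HTTP/1.1\r\nHost: 169.254.169.254\r\n"
     "X-aws-ec2-metadata-token-ttl-seconds: 21600\r\n\r\n"),
    ("pid 940 sdk-app",
     "GET /latest/meta-data/instance-id HTTP/1.1\r\nHost: 169.254.169.254\r\n"
     "X-aws-ec2-metadata-token: CONSTRUCTED-TOKEN\r\n\r\n"),
]

if __name__ == "__main__":
    for process in imdsv1_callers(SAMPLES):
        print("IMDSv1 caller:", process)
```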