This course teaches learners how to ethically hack internal networks through Server Side Request Forgery (SSRF) attacks. The course covers various entry points and attack examples, the dangers of internal services, and how to exploit SSRF for different purposes. Learners will also understand the background of SSRF research, key points of failure for the Department of Defense, and ways to mitigate SSRF attacks. The teaching method involves practical examples and demonstrations. This course is intended for ethical hackers, bug bounty hunters, security professionals, and anyone interested in cybersecurity.
Piercing the Veil - Server Side Request Forgery Attacks on Internal Networks
Overview
Syllabus
Intro
Ethically hacking through Bug bounties and VDP
Esoteric SSRF Entry Points
Esoteric attack examples
Dangers of Internal Services
Exploiting SSRF for Fun and Profit
Background of the initial research
Exploiting the Oauth SSRF for fun
Key points of failure for the DoD
Mitigating SSRF
Questions?
Taught by
Cooper
Related Courses
-
OWASP Top 10 - A10:2021 - Server-Side Request Forgery (SSRF)
-
Intro to Bug Bounty Hunting and Web Application Hacking
-
What is Server-Side Request Forgery - SSRF?
-
Learning Server Side Request Forgery Basics Using Portswigger's Web Security Academy
-
Server Side Request Forgery
-
The 3 Way Bypass Surgery - Abusing Content Delivery Networks with Server Side Request Forgery - SSRF
