New CNAPPgoat scenario makes experimentation easy by triggering calls to AWS service from an EC2 instance exposed to SSRF

Ermetic's platform is a central hub for cloud security professionals, offering insights into cloud security posture management (CSPM), identity and access management (IAM), and data protection in the cloud. Through articles, reports, and case studies, Ermetic offers insights into securing cloud environments and ensuring compliance with security standards. Security professionals can learn about cloud security best practices, threat detection techniques, and security automation to mitigate risks in cloud deployments.

ermetic

Exposing an Amazon EC2 instance to SSRF can allow attackers to trigger calls to AWS services from within the instance, leveraging exfiltrated credentials. Mitigation requires detection and removal of the issue or preventing the triggering of such calls.

What Can Go Wrong When an Amazon Elastic Compute Cloud (EC2) Instance is Exposed to SSRF

Protecting against Instance Credentials Exfiltration

Making the Easy Proof-of-Concept Even Easier