History of Hacks: SSRF attacks on AWS

Welcome to our journey through the History of Hacks. We’ll be giving a high-level overview of the techniques behind some of the biggest hacks and data breaches in history, and what we can learn about protecting ourselves. At Veza we believe that while the tools and strategies employed by attackers are constantly evolving, there’s one form of defense that almost always works: Least Privilege.

Today we look at server-side request forgery (SSRF) attacks on AWS, as used in the infamous Capital One hack of 2019.