Guy Arazi
With a lifelong passion for security research, Guy has been deeply involved in both developing and testing applications from a young age. Having played diverse roles in both defensive and offensive security, he leverages this dual expertise to advance vulnerability discovery, detection, and mitigation across various sectors. Specializing in web applications and cloud services, he is dedicated to addressing critical security issues on a global scale. Guy is currently a researcher at the MSRC V&M group.
Session
Server-Side Request Forgery (SSRF) vulnerabilities offer a range of attack possibilities, but their impact often depends on the nature of the vulnerability. While some SSRFs directly expose data from the requested URLs, blind SSRFs typically yield more limited results, such as basic reconnaissance or port scanning.
In this talk, I’ll unveil a powerful technique for amplifying the impact of blind SSRFs by leveraging internal DNS records discovered through known components. This innovative approach focuses on effectively pivoting from external SSRF attacks—where access is constrained—to exploiting internal endpoints with minimal fuzzing or guessing.
I will demonstrate practical methods for identifying and utilizing internal DNS records, which can be revealed through components such as Kubernetes services, microservices, or internal APIs. By uncovering these internal DNS entries, you can bypass traditional application mitigations and firewall rules, significantly enhancing your SSRF attacks.
Through real-world examples and hands-on demonstrations, you’ll learn how to transition from limited external SSRF access to effectively exploiting internal endpoints, revealing the true potential of blind SSRFs. Join me to discover how harnessing internal DNS records can transform the effectiveness and impact of your SSRF findings, making them more actionable and insightful.