SSRF² | Breaking Trust Zones Through Self-Reference
2024-12-14, Clappy Monkey Track

In modern web architectures, SSRF vulnerabilities have become increasingly difficult to exploit due to sophisticated defense mechanisms. This presentation introduces SSRF², a novel technique that challenges fundamental assumptions about trust boundaries by using the same SSRF primitive twice across different security contexts. Through real-world discoveries, we demonstrate how a seemingly limited SSRF primitive, when used twice, can bypass an entire security stack designed to prevent internal access. What makes this technique particularly powerful is its ability to transform restricted blind SSRF vulnerabilities into critical security breaches without complex chains or extensive reconnaissance.


This talk introduces a groundbreaking approach to SSRF exploitation that fundamentally changes how we think about trust boundaries and security contexts. Rather than focusing on finding new SSRF vectors, we'll demonstrate how using the same primitive twice can bypass sophisticated security controls including URL rewrite rules, origin validation, and network segregation.

Key takeaways:
- How a single SSRF primitive can be leveraged across different security contexts
- Why position matters more than payload in modern architectures
- Real-world examples of bypassing Kubernetes API protections
- Turning blind SSRF into critical internal access
- New methodology for approaching SSRF research

Through live demonstrations and real-world cases, attendees will learn how traditional security controls can fail when the same primitive operates across different trust contexts. This research provides valuable insights for both offensive security researchers looking to expand their methodology and defenders implementing trust boundaries.

With a lifelong passion for security research, Guy has been deeply involved in both developing and testing applications from a young age. Having played diverse roles in both defensive and offensive security, he leverages this dual expertise to advance vulnerability discovery, detection, and mitigation across various sectors. Specializing in web applications and cloud services, he is dedicated to addressing critical security issues on a global scale. Guy is currently a researcher at the MSRC V&M group.