VirtualTam's bookmarks

1. What is "AWS Security Scanner" in my server logs? 2020-07-31

   tags: cloud/aws, network, security

   [ permalink ]

   • https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
   • https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
   • https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-metadata-options.html
   • https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/
   • https://aws.amazon.com/blogs/aws/new-host-based-routing-support-for-aws-application-load-balancers/
   • https://aws.amazon.com/about-aws/whats-new/2018/07/elastic-load-balancing-announces-support-for-redirects-and-fixed-responses-for-application-load-balancer/
   • https://www.reddit.com/r/aws/comments/e18e5n/botexploit_what_is_this_trying_to_do_and_how
   • https://www.reddit.com/r/aws/comments/e18e5n/botexploit_what_is_this_trying_to_do_and_how/f8qympp/
   • https://forums.aws.amazon.com/thread.jspa?threadID=316889
   • https://owasp.org/www-community/attacks/Server_Side_Request_Forgery
   • https://www.wired.com/story/capital-one-paige-thompson-case-hacking-spree/
   • https://krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack/
   • https://krebsonsecurity.com/2019/07/capital-one-data-theft-impacts-106m-people/
   • http://www.thecloudavenue.com/2019/08/how-capital-one-hack-was-achieved-in-aws.html
   • http://www.thecloudavenue.com/2019/11/changes-to-aws-ec2-instance-metadata-service.html