HolyGhost

#credentials

2 posts

Analysis

From a URL Field to Cloud Keys: SSRF and the Metadata Endpoint

Server-side request forgery turns a harmless-looking URL input into a way to read a cloud instance's own credentials. Here is how the metadata endpoint becomes the prize, and why IMDSv2 changed the game.

12 min read · #ssrf #cloud #aws

Analysis

Pass the Hash: Why Stealing the Password Is Optional

In Windows networks, an attacker often does not need your password, just its hash. Here is how pass the hash works, why it powers lateral movement, and how to break the chain.

9 min read · #pass-the-hash #active-directory #windows