With how many apps are running in the cloud, hacking these instances becomes
easier with a simple vulnerability due to an unsanitized user input. In this
talk, we’ll discuss a number of different methods that helped us exfil data
from different applications using Server-Side Request Forgery (SSRF). Using
these methods, we were able to hack some of the major transportation,
hospitality, and social media companies and make $50,000 in rewards in 3
Ben is the Head of Hacker Operations at HackerOne by day, and a hacker by night. He has helped identify and exploit over 600 security vulnerabilities across 100s of web...