To access material, start machines and answer questions login.
The Instance Metadata Service is one of the most useful and most dangerous convenience features in . It provides local access to metadata and temporary credentials for any workload running on an instance. When HttpTokens is set to optional, any process that can send a plain HTTP GET to 169.254.169.254 can retrieve those credentials, including requests forwarded by a misconfigured proxy or a vulnerable application running on the same host.
That is how a server-side request forgery becomes IAM credential theft. IMDSv2 raises the bar by requiring a PUT-based token exchange before any credential retrieval. That one design change breaks the most common SSRF-to-metadata attack path entirely.
Learning Objectives
By the end of this room, you will be able to:
- Understand the difference between IMDSv1 and IMDSv2 and why it matters
- Identify EC2 instances where
HttpTokensis still set tooptional - Demonstrate the unauthenticated credential retrieval path that IMDSv1 allows
- Enforce IMDSv2 on an existing instance and verify that the old flow no longer works
- Launch a new instance that requires IMDSv2 from the start
Prerequisites
- Being able to set up your environment (First Steps Into room)
- Basic commands ( Fundamentals room)
- Have a basic understanding of the compute service (Introduction to Cloud Computing room)
You only need to redirect one request. The rest follows.
Ready to learn Cyber Security?
The The Leaky Metadata room is only available for Premium or Max subscribers. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.
Already have an account? Log in
