SSRF attack on AWS: Replaying Capital One hack for stealing EC2 metadata

Anunay Bhatt
5 min read · Aug 17, 2019

Unless you have been hiding in a cave or are not even remotely security-minded, you will have heard the news about the Capital One hack. It was possibly a Server-Side Request Forgery (SSRF) attack on an AWS-hosted application server, orchestrated by an ex-Amazon employee, Paige Thompson.