IMDSv1 is a blue team lab that falls under the Cloud Forensics category and will cover the following subjects: Wireshark, jq, Initial Access, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control.
Learning Objectives
Analyze network traffic and AWS CloudTrail logs using Wireshark and JQ to reconstruct an IMDSv1 SSRF exploitation and subsequent data exfiltration attack.