Here I collect post-mortem stories of hacks & outages.
Capital One - A WAF was misconfigured and had too many permissions, which allowed the hacker to forge a request to a metadata service and retrieve elevated credentials.
🗒️ Details, More details.
🏷️ configuration, security, AWS, IAM, WAF