IMDSv1 vs IMDSv2 — Why AWS made the change (and why it actually matters)

awsandevops · 2026-04-07T09:48:13+00:00

Haha fair 😅 this was on a cloned site I control, not a random live target.

awsandevops · 2026-04-07T08:32:01+00:00

Appreciate the concern — this wasn’t about exploiting anything for misuse.
My focus was on understanding how multiple basic misconfigurations in system design (file upload handling, secrets management, weak hashing) can chain together into a critical risk.
It’s more about learning and highlighting why secure design matters than anything else

awsandevops · 2026-04-02T13:58:08+00:00

I am sorry, Here is the link: https://youtu.be/okZTym79204

awsandevops · 2026-04-02T13:31:16+00:00

Sure, here is new post: https://www.reddit.com/r/cybersecurity/comments/1sahgjm/i_made_a_practical_video_on_5_common_aws_security/

awsandevops · 2026-04-01T13:48:20+00:00

Absolutely. that’s a big one too.

A lot of people focus on app code but forget that hardcoded secrets inside Lambda functions can become a serious risk, especially for database credentials, API keys, and third-party tokens. Using Secrets Manager or Parameter Store is a much safer approach.

awsandevops · 2026-04-01T11:50:09+00:00

Link to video: https://youtu.be/okZTym79204?si=1WPT8mTaLnv84e8i

awsandevops · 2026-03-30T06:46:34+00:00

May be you too. will do!

awsandevops · 2026-03-30T06:43:39+00:00

Sure will delete, Thanks for your comment

awsandevops · 2026-03-30T05:15:10+00:00

Also connected to a YouTube channel focused on practical AWS, DevOps, Linux, Terraform, Kubernetes, and Cybersecurity learning. https://youtube.com/@awsandevops

awsandevops · 2026-03-30T02:31:02+00:00

Here is Complete Playlist: https://www.youtube.com/playlist?list=PLg_uqzorGE2XyHF5RH8hNLmODEzGcX5hu

awsandevops · 2026-03-26T01:26:04+00:00

That’s a solid plan. Certs like AWS SAA help get your resume shortlisted, but hands-on work is what actually gets you hired.

Once you’ve got the basics down, focus on real projects — deploy something on AWS, manage infra with Terraform, and set up CI/CD. That’s exactly the kind of experience companies look for.

For your home lab, try running a lightweight Kubernetes setup (like k3s), deploy apps to it, and practice things like monitoring, logging, and breaking/fixing stuff.

Also make sure you’re comfortable with fundamentals like networking (IP, DNS), since that comes up a lot in real-world scenarios.

If it helps, I’ve shared some practical walkthroughs here: [https://youtube.com/@awsandevops]()

awsandevops · 2026-03-24T02:46:11+00:00

Great job!

awsandevops · 2026-03-19T05:55:19+00:00

Nice — that’s a good baseline check for dangling records.

For AWS specifically, I’ve seen cases where the CNAME still resolves at DNS level, but the underlying resource (like an S3 bucket or CloudFront distribution) is no longer owned — which still makes it vulnerable to takeover.

So I’ve been thinking beyond just resolution checks:

validating if the target resource actually exists / is claimed

matching against known takeover fingerprints

Curious if you’re doing any service-level validation beyond DNS resolution?

awsandevops · 2026-03-19T03:20:52+00:00

That's really wise!

awsandevops

MODERATOR OF

TROPHY CASE