IMDS Abused: Hunting Rare Behaviors to Uncover Exploits | Wiz Blog

Threat actors are increasingly exploiting cloud Instance Metadata Services (IMDS) via SSRF and other vulnerabilities to steal credentials and escalate privileges, but data-driven anomaly detection—like that used by Wiz—can uncover and stop even zero-day attacks before they cause damage.