HolyGhost logoHolyGhostRSS

$ whoami @holyghost

We make sense of
how things break.

HolyGhost is an independent cybersecurity blog. Clear breakdowns of known vulnerabilities and attacks, plus practical lessons for people learning security the right way.

// latest

Analysis

From a URL Field to Cloud Keys: SSRF and the Metadata Endpoint

Server side request forgery turns a harmless looking URL input into a way to read a cloud instance's own credentials. Here is how the metadata endpoint becomes the prize, and why IMDSv2 changed the game.

4 min read·#ssrf#cloud#aws
Learn

What Is Encryption? A Plain English Introduction

Encryption in everyday language: what it means to scramble data, the difference between symmetric and asymmetric keys, and where you already rely on it every day.

4 min read·#encryption#cryptography#fundamentals