AWS IMDS on Aonan Guan

AWS IMDS on Aonan Guanhttps://oddguan.com/tags/aws-imds/Recent content in AWS IMDS on Aonan GuanAonan Guanhttps://oddguan.com/avatar.webphttps://oddguan.com/avatar.webpHugo -- 0.147.7en-usFri, 03 Apr 2026 00:00:00 +0000Never Wait for Approval — Prompt Injection in Strix AI Pentesting Agent Steals Cloud Credentialshttps://oddguan.com/blog/strix-ai-agent-security-scanner-prompt-injection-credential-theft/Fri, 03 Apr 2026 00:00:00 +0000https://oddguan.com/blog/strix-ai-agent-security-scanner-prompt-injection-credential-theft/A prompt injection vulnerability in Strix AI pentesting agent enables arbitrary command execution through malicious project files. The tool designed to red-team others gets red-teamed by its own target — cloud credentials exfiltrated through the project you are scanning.