IMDS Abused: Hunting Rare Behaviors to Uncover Exploits
www.wiz.io/blog/imds…
Over the years, threat actors have learned to turn IMDS into a stepping stone for credential theft, lateral movement, and privilege escalation. This post is about how we used a data-driven methodology to uncover and stop anomalous IMDS usage, and how that approach led us to discover a zero-day vulnerability being exploited in the wild in a popular web service.