Rhino Security Labs

Technical Blog

CloudGoat: New Scenario and Walkthrough (sns_secrets)

Tyler Ramsbey
October 15, 2024

This is a full walkthrough for the new sns_secrets scenario on CloudGoat. 
CloudGoat allows people to hone their cloud security skills by completing several “capture-the-flag” challenges. Full set-up instructions are on the CloudGoat…

CloudGoat Official Walkthrough Series: ‘glue_privesc’

Vestaboard: Exploring Broken Access Controls and Privilege Escalation

CVE-2024-2389:
Command Injection Vulnerability
In Progress Flowmon

David Yesland

After our initial research into other Progress products we decided to take a look at another Progress product, Flowmon. This led to the discovery of an unauthenticated command injection vulnerability, which when coupled with a privilege…