Rhino Security Labs

Strategic & Technical Blog

Technical Strategic Technical & Strategic Both
AWS

Attacking AWS Cognito with Pacu (p1)

David Kutz-Marks

In Part 1 of this post, we discuss common problems in AWS Cognito security, as seen in client environments, which would benefit from automated scanning and exploitation. In Part 2, we walk through our solution: two new modules for Pacu, our…

Read more
AWS

Attacking AWS Cognito with Pacu (p2)

AWS

IAMActionHunter: Query AWS IAM permission policies with ease

Technical Strategic Technical & Strategic Both
Categories
Clear Selection
API
Application Security
AWS
Azure
Buyer's Guide
Cloud Security
Compliance
Enterprise Security
GCP
Google Cloud
Internet of Things
Mobile Security
Network Security
News
Penetration Testing
Research
Social Engineering
Tool Development
Uncategorized
AWS

CVE-2022-25165:
Privilege Escalation to SYSTEM in AWS VPN Client

David Yesland

The AWS VPN Client application is affected by an arbitrary file write as SYSTEM, which can lead to privilege escalation and an information disclosure vulnerability that allows the user’s Net-NTLMv2 hash to be leaked via a UNC path in a…

Read more