Rhino Security Labs

Strategic Blog

Unauthenticated AWS Role Enumeration (IAM Revisited)

Spencer Gietzen
January 28, 2019

When attacking an AWS cloud environment, its important to use leverage unauthenticated enumeration whenever possible. This kind of IAM recon can help you gain a better understanding of the environment itself, the users and applications that…

AWS IAM Privilege Escalation – Methods and Mitigation

Cloud Breach: Compromising AWS IAM Credentials

Pacu: The Open Source AWS Exploitation Framework

Spencer Gietzen

With the continued proliferation of Amazon Web Services (AWS), companies are continuing to move their technical assets to the cloud. With this paradigm shift comes new security challenges for both Sysadmin and DevOps teams.  These aren&#…