Rhino Security Labs

Strategic Blog

Technical Strategic Technical & Strategic Both
GCP

Google Cloud Platform (GCP)
Bucket Enumeration and Privilege Escalation

Spencer Gietzen
February 26, 2019

For those unfamiliar, GCP is a cloud platform that offers a variety of cloud-computing solutions for businesses of any size to take advantage of. Most people would put it up in the “big 3” cloud providers that are available,…

Read more
Social Engineering

Bypassing Email Security Controls (P1: URL Scanning)

AWS

Unauthenticated AWS Role Enumeration (IAM Revisited)

Technical Strategic Technical & Strategic Both
Categories
Clear Selection
Application Security
AWS
Azure
Buyer's Guide
Cloud Security
Compliance
Enterprise Security
GCP
Mobile Security
Network Security
News
Penetration Testing
Research
Social Engineering
Tool Development
AWS

AWS IAM Privilege Escalation – Methods and Mitigation

Spencer Gietzen

At Rhino Security Labs, we do a lot of penetration testing for AWS architecture, and invest heavily in related AWS security research.  This post will cover our recent findings in new IAM Privilege Escalation methods – 17 in total –…

Read more