Rhino Security Labs

Strategic Blog

The Capital One Breach & “cloud_breach_s3” CloudGoat Scenario

Jeffrey Anderson

Cloud security, specifically AWS security, is once again in the news. This time it’s a major breach at banking giant Capital One. With 100 million customers affected, it ranks as one of the largest data breaches to date. Capital One now…

Escalating AWS IAM Privileges with an Undocumented CodeStar API

S3 Ransomware Part 2: Prevention and Defense

Unauthenticated AWS Role Enumeration (IAM Revisited)

Spencer Gietzen

When attacking an AWS cloud environment, it’s important to leverage unauthenticated enumeration whenever possible. This kind of IAM recon can help you gain a better understanding of the environment itself, the users and applications that…