Rhino Security Labs

Strategic Blog

Attacking AWS Cognito with Pacu (p2)

David Kutz-Marks

In Part 2 of this post, we walk through our two new Cognito modules for Pacu, our open-source AWS exploitation framework. If you’re not familiar with accessing AWS Cognito, feel free to check out Part 1: Accessing AWS Cognito Security…

The Capital One Breach & “cloud_breach_s3” CloudGoat Scenario

Escalating AWS IAM Privileges with an Undocumented CodeStar API

S3 Ransomware Part 2: Prevention and Defense

Spencer Gietzen

This is part two in a two-part series on S3 Ransomware. Part One discusses the attack vector of S3 Ransomware and demonstrates a proof of concept.
Note: This post not only discusses defense mechanisms against S3 ransomware, but it also…