Rhino Security Labs

Strategic Blog

The Capital One Breach
& “cloud_breach_s3” CloudGoat Scenario

Jeffrey Anderson
August 4, 2019

Cloud security, specifically AWS security, is once again in the news. This time it’s a major breach at banking giant Capital One. With 100 million customers affected, it ranks as one of the largest data breaches to date. Capital One now…

Escalating AWS IAM Privileges with an
Undocumented CodeStar API

S3 Ransomware Part 2: Prevention and Defense

Google Cloud Platform (GCP)
Bucket Enumeration and Privilege Escalation

Spencer Gietzen

For those unfamiliar, GCP is a cloud platform that offers a variety of cloud-computing solutions for businesses of any size to take advantage of. Most people would put it up in the “big 3” cloud providers that are available,…