Rhino Security Labs

Technical Blog

Simplifying API Pentesting With Swagger Files

David Yesland
November 13, 2018

The current OpenAPI parsing and handling tools are not geared towards pentesting an API. We created Swagger-EZ to make getting up and running with API pentesting faster and less painful. The GitHub repository is here.
When auditing an API…

Cloud Breach: Compromising AWS IAM Credentials

AWS IAM Enumeration 2.0: Bypassing CloudTrail Logging

Using AWS Account ID’s for IAM User Enumeration

Benjamin Caudill

In our AWS IAM post from last week, we highlighted a technique that penetration testers can use to automate the process of enumerating the IAM roles of other AWS accounts. As long as the attacker knows the victim’s AWS account ID,…