Rhino Security Labs

Technical Blog

Technical Strategic Technical & Strategic Both
Application Security

Exploiting ShoreTel Communicator through Situational Awareness

Dwight Hohnstein
April 10, 2018

Recently, the Rhino Security Labs team was tasked with an internal network assessment for an environment which ran a predominantly Windows environment. There are some bells that go off immediately in an assessor’s mind when within a…

Read more
AWS

Amazon’s AWS Misconfiguration:
Arbitrary Files Upload in Amazon Go

Research

XML External Entity Injection in Jive-n (CVE-2018-5758)

Sign up for our Newsletter

Categories
Clear Selection
Application Security
AWS
Azure
Buyers Guide
Cloud Security
Compliance
Enterprise Security
Internet of Things
Mobile Security
Network Security
Penetration Testing
Research
Social Engineering
Tool Development
Application Security

Hiding in Plain Sight:
XXE Vulnerability in HP Project & Portfolio Mgmt Center

Dwight Hohnstein
February 21, 2018

Researchers at Rhino Security Labs discovered an XXE vulnerability in the way HP Project and Portfolio Management Center (HP PPM) processed imported tickets. Specifically, an XML external entity injection vulnerability allows an attacker to…

Read more