Rhino Security Labs

Technical Blog

Unauthenticated AWS Role Enumeration (IAM Revisited)

Spencer Gietzen
January 28, 2019

When attacking an AWS cloud environment, its important to use leverage unauthenticated enumeration whenever possible. This kind of IAM recon can help you gain a better understanding of the environment itself, the users and applications that…

AWS IAM Privilege Escalation – Methods and Mitigation

Simplifying API Pentesting With Swagger Files

Cloud Breach: Compromising AWS IAM Credentials

Spencer Gietzen

With Pacu and our AWS Pentesting simulating attacks on cloud architecture, we often get questions about how keys get lost (or even statements that such an event is unlikely). To address these concerns we’ve written a blog post to walk…