Rhino Security Labs

Technical Blog

Technical Strategic Technical & Strategic Both
AWS

IAMActionHunter: Query AWS IAM permission policies with ease

David Yesland

While performing AWS penetration tests, we’ve repeatedly encountered a need for a tool to manually review and audit IAM permission policies. IAM Permissions can be spread out over multiple inline and managed policies, contain…

Read more
Research

CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM

Cloud Security

CloudGoat detection_evasion Scenario:
Avoiding AWS Security Detection and Response

Technical Strategic Technical & Strategic Both
Categories
Clear Selection
API
Application Security
AWS
Azure
Buyer's Guide
Cloud Security
Compliance
Enterprise Security
GCP
Google Cloud
Internet of Things
Mobile Security
Network Security
News
Penetration Testing
Research
Social Engineering
Tool Development
Uncategorized
Application Security

CVE-2022-25237: Bonitasoft Authorization Bypass and RCE

David Yesland

Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an overly broad filter pattern used in the API authorization filters.
By appending a crafted string to the API URL, users with no privileges can…

Read more