Rhino Security Labs

Technical Blog

AWS IAM Enumeration 2.0: Bypassing CloudTrail Logging

Spencer Gietzen
October 2, 2018

With a major focus in cloud security architecture, we’ve released several attack vectors and security tools around AWS.  Pacu brought the first AWS exploitation framework, CloudGoat a vulnerable-by-design cloud environment, and today we…

Using AWS Account ID’s for IAM User Enumeration

Assume the Worst:
Enumerating AWS Roles through ‘AssumeRole’

Pacu: The Open Source AWS Exploitation Framework

Spencer Gietzen
August 21, 2018

With the continued proliferation of Amazon Web Services (AWS), companies are continuing to move their technical assets to the cloud. With this paradigm shift comes new security challenges for both Sysadmin and DevOps teams.  These aren&#…