Blog - Technical - Rhino Security Labs

Technical Strategic Technical & Strategic Both

Vulnerabilities Leading to RCE in
LabKey Server Biomedical Research Platform

David Yesland

October 29, 2019

This blog is a walkthrough of the three different vulnerabilities we discovered in the LabKey Server, a biomedical research platform–Stored XSS (CVE-2019-9758), CSRF leading to RCE (CVE-2019-9926), and XXE (CVE-2019-9757) allowing…

Application Security

CompleteFTP Server Local Privilege Escalation
CVE-2019-16116

AWS

Abusing VPC Traffic Mirroring in AWS

AWS

Exploiting AWS ECR and ECS with
the Cloud Container Attack Tool (CCAT)

Jack Ganbold

UPDATE: As of 10/03/19, CCAT now supports Container Registry on GCP…

Technical Blog

Vulnerabilities Leading to RCE inLabKey Server Biomedical Research Platform

CompleteFTP Server Local Privilege EscalationCVE-2019-16116

Abusing VPC Traffic Mirroring in AWS

Exploiting AWS ECR and ECS withthe Cloud Container Attack Tool (CCAT)

Vulnerabilities Leading to RCE in
LabKey Server Biomedical Research Platform

CompleteFTP Server Local Privilege Escalation
CVE-2019-16116

Exploiting AWS ECR and ECS with
the Cloud Container Attack Tool (CCAT)