Rhino Security Labs

Technical Blog

The Capital One Breach
& “cloud_breach_s3” CloudGoat Scenario

Jeffrey Anderson
August 4, 2019

Cloud security, specifically AWS security, is once again in the news. This time it’s a major breach at banking giant Capital One. With 100 million customers affected, it ranks as one of the largest data breaches to date. Capital One now…

AWS IAM Privilege Escalation – Methods and Mitigation – Part 2

Exploring the Power of Phished Persistent Cookies in AWS

CloudGoat Official Walkthrough Series: “rce_web_app”

Jeffrey Anderson
July 9, 2019

We at Rhino Security Labs recently released the next generation of our “vulnerable by design” AWS deployment tool, CloudGoat. One of the biggest changes in this new version is the introduction of scenarios. As part of our ongoing…