Rhino Security Labs

Strategic & Technical Blog

Technical Strategic Technical & Strategic Both
AWS

AWS IAM Enumeration 2.0: Bypassing CloudTrail Logging

Spencer Gietzen
October 2, 2018

With a major focus in cloud security architecture, we’ve released several attack vectors and security tools around AWS.  Pacu brought the first AWS exploitation framework, CloudGoat a vulnerable-by-design cloud environment, and today we…

Read more
AWS

Using AWS Account ID’s for IAM User Enumeration

AWS

Assume the Worst:
Enumerating AWS Roles through ‘AssumeRole’

Technical Strategic Technical & Strategic Both
Categories
Clear Selection
Application Security
AWS
Azure
Buyers Guide
Cloud Security
Compliance
Enterprise Security
Internet of Things
Mobile Security
Network Security
News
Penetration Testing
Research
Social Engineering
Tool Development
AWS

Pacu: The Open Source AWS Exploitation Framework

Spencer Gietzen
August 21, 2018

With the continued proliferation of Amazon Web Services (AWS), companies are continuing to move their technical assets to the cloud. With this paradigm shift comes new security challenges for both Sysadmin and DevOps teams.  These aren&#…

Read more