Rhino Security Labs

Strategic & Technical Blog

Technical Strategic Technical & Strategic Both
Application Security

CompleteFTP Server Local Privilege Escalation
CVE-2019-16116

Robert Fisher
October 1, 2019

CompleteFTP is a suite of FTP and SSH tools for Windows developed by EnterpriseDT. The server has functionality for remote and local administration which, due to information leakage in a log file, can be abused by an attacker to hijack the…

Read more
AWS

Abusing VPC Traffic Mirroring in AWS

AWS

Exploiting AWS ECR and ECS with
the Cloud Container Attack Tool (CCAT)

Technical Strategic Technical & Strategic Both
Categories
Clear Selection
API
Application Security
AWS
Azure
Buyer's Guide
Cloud Security
Compliance
Enterprise Security
GCP
Internet of Things
Mobile Security
Network Security
News
Penetration Testing
Research
Social Engineering
Tool Development
AWS

Bypassing IP Based Blocking with AWS API Gateway

David Yesland

In external and red team engagements, we often come across different forms of IP based blocking. This prevents things like password brute forcing, password spraying, API rate limiting, and other forms of IP blocking like web application…

Read more