Rhino Security Labs

Strategic & Technical Blog

CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM

David Yesland

FortiClient is Fortinet’s basic VPN client, which offers SSL VPN and IPsec VPN connectivity. It also contains utility features that allow importing and exporting of VPN configurations and profiles…

CloudGoat detection_evasion Scenario: Avoiding AWS Security Detection and Response

CVE-2022-25237: Bonitasoft Authorization Bypass and RCE

CloudGoat goes Serverless: A walkthrough of Vulnerable Lambda Functions

Mitch Fentz

CloudGoat is Rhino Security Labs’ AWS pentest training tool, which deploys “vulnerable by design” AWS infrastructure that you can exploit safely (and legally) in your own environment. This blog post will walk through the new vulnerable_lambda…