Rhino Security Labs

Strategic & Technical Blog

Technical Strategic Technical & Strategic Both
AWS

Unauthenticated AWS Role Enumeration (IAM Revisited)

Spencer Gietzen
January 28, 2019

When attacking an AWS cloud environment, its important to use leverage unauthenticated enumeration whenever possible. This kind of IAM recon can help you gain a better understanding of the environment itself, the users and applications that…

Read more
AWS

AWS IAM Privilege Escalation – Methods and Mitigation

Application Security

Simplifying API Pentesting With Swagger Files

Technical Strategic Technical & Strategic Both
Categories
Clear Selection
Application Security
AWS
Azure
Buyers Guide
Cloud Security
Compliance
Enterprise Security
Internet of Things
Mobile Security
Network Security
News
Penetration Testing
Research
Social Engineering
Tool Development
AWS

Cloud Breach: Compromising AWS IAM Credentials

Spencer Gietzen

With Pacu and our AWS Pentesting simulating attacks on cloud architecture, we often get questions about how keys get lost (or even statements that such an event is unlikely). To address these concerns we’ve written a blog post to walk…

Read more