Rhino Security Labs

Strategic & Technical Blog

CVE-2020-5377: Dell OpenManage Server Administrator File Read

David Yesland

This blog explores a file read vulnerability in Dell OpenManage Server Administrator (OMSA) we found during an internal network penetration test, tracked as CVE-2020-5377 and a bypass for the fix tracked as CVE-2021-21514. 
When this Dell…

Downloading and Exploring AWS EBS Snapshots

CloudGoat ECS_EFS_Attack Walkthrough

Java Deserialization Exploitation With Customized Ysoserial Payloads

David Yesland

During a recent application assessment at Rhino we identified a Java deserialization vulnerability which ended up leading to unauthenticated remote code execution. Exploitation of the vulnerability turned out to not be as simple as…