Rhino Security Labs

Strategic & Technical Blog

Vulnerabilities Leading to RCE in LabKey Server Biomedical Research Platform

David Yesland

This blog is a walkthrough of the three different vulnerabilities we discovered in LabKey Server, a biomedical research platform: Stored XSS (CVE-2019-9758), CSRF leading to RCE (CVE-2019-9926), and XXE (CVE-2019-9757) allowing…

CompleteFTP Server Local Privilege Escalation

Abusing VPC Traffic Mirroring in AWS

Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT)

Jack Ganbold

UPDATE: As of 10/03/19, CCAT now supports Container Registry on GCP…