Rhino Security Labs

Strategic & Technical Blog

Technical Strategic Technical & Strategic Both
Research

CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM

David Yesland
August 30, 2022

Forticlient is Fortinet’s basic VPN client which offers SSL VPN and IPSecVPN VPN connectivity. It also contains utility features which allow importing and exporting of VPN configurations and profiles…

Read more
Cloud Security

CloudGoat detection_evasion Scenario:
Avoiding AWS Security Detection and Response

Application Security

CVE-2022-25237: Bonitasoft Authorization Bypass and RCE

Technical Strategic Technical & Strategic Both
Categories
Clear Selection
API
Application Security
AWS
Azure
Buyer's Guide
Cloud Security
Compliance
Enterprise Security
GCP
Google Cloud
Internet of Things
Mobile Security
Network Security
News
Penetration Testing
Research
Social Engineering
Tool Development
Uncategorized
Cloud Security

CloudGoat goes Serverless:
A walkthrough of Vulnerable Lambda Functions

Mitch Fentz

CloudGoat is Rhino Security Labs’s AWS pentest training tool, deploying “vulnerable by design” AWS infrastructure to exploit it safely (and legally) in your own environment. This blog post will walk through the new vulnerable_lambda…

Read more