Rhino Security Labs

Strategic & Technical Blog

Technical Strategic Technical & Strategic Both
Application Security

Simplifying API Pentesting With Swagger Files

David Yesland
November 13, 2018

The current OpenAPI parsing and handling tools are not geared towards pentesting an API. We created Swagger-EZ to make getting up and running with API pentesting faster and less painful. The Github repository is here.
When auditing an API…

Read more
AWS

Cloud Breach: Compromising AWS IAM Credentials

AWS

AWS IAM Enumeration 2.0: Bypassing CloudTrail Logging

Technical Strategic Technical & Strategic Both
Categories
Clear Selection
Application Security
AWS
Azure
Buyers Guide
Cloud Security
Compliance
Enterprise Security
Internet of Things
Mobile Security
Network Security
News
Penetration Testing
Research
Social Engineering
Tool Development
AWS

Using AWS Account ID’s for IAM User Enumeration

Benjamin Caudill

In our AWS IAM post from last week, we highlighted a technique that penetration testers can use to automate the process of enumerating the IAM roles of other AWS accounts. As long as the attacker knows the victim’s AWS account ID,…

Read more