Rhino Security Labs

Strategic & Technical Blog

AWS WorkSpaces Remote Code Execution

David Yesland

This post details a vulnerability Rhino Security Labs discovered in the AWS WorkSpaces desktop client, tracked as CVE-2021-38112, which allows commands to be executed if a victim opens a malicious WorkSpaces URI from their browser. Rhino…

Cloud Malware:
Resource Injection in CloudFormation Templates

CVE-2020-5377: Dell OpenManage Server Administrator File Read

Downloading and Exploring AWS EBS Snapshots

Ryan Gerstenkorn

AWS EBS snapshots are static backups of AWS EBS volumes. In other words, they are copies of the disks attached to an EC2 Instance at a specific point in time. EBS snapshots can be copied across regions and accounts, or even downloaded and…