Rhino Security Labs

Strategic & Technical Blog

CVE-2019-0227: Expired Domain to Remote Code Execution in Apache Axis

David Yesland
April 9, 2019

Apache Axis™ is a Simple Object Access Protocol (SOAP) engine. During a recent red team engagement we came across an install of an old version of Apache Axis, version 1.4. There are now newer versions such as Apache Axis2, Apache CXF, and…

NVIDIA Arbitrary File Writes to Command Execution
CVE-2019-5674

Exploiting CVE-2018-1335: Command Injection in Apache Tika

AWS IAM Privilege Escalation – Methods and Mitigation

Spencer Gietzen

At Rhino Security Labs, we do a lot of penetration testing for AWS architecture, and invest heavily in related AWS security research. This post will cover our recent findings in new IAM Privilege Escalation methods – 17 in total –…