Rhino Security Labs

Strategic & Technical Blog

AWS Privilege Escalation – Methods and Mitigation

Spencer Gietzen

At Rhino Security Labs, we do a lot of penetration testing for AWS architecture, and invest heavily in related AWS security research. This post will cover our recent findings in new IAM Privilege Escalation methods – 17 in total –…

SleuthQL: A SQL Injection Discovery Tool

Authenticated File Read Vulnerability in JasperReports (CVE-2018-5430)

Exploiting ShoreTel Communicator through Situational Awareness

Benjamin Caudill

Recently, the Rhino Security Labs team was tasked with an internal network assessment of a predominantly Windows environment. There are some bells that go off immediately in an assessor’s mind when within a…