Rhino Security Labs

Strategic & Technical Blog

AWS Privilege Escalation – Methods and Mitigation

Spencer Gietzen

At Rhino Security Labs, we do a lot of penetration testing for AWS architecture, and invest heavily in related AWS security research. This post will cover our recent findings in new IAM Privilege Escalation methods – 17 in total –…

SleuthQL: A SQL Injection Discovery Tool

Authenticated File Read Vulnerability in JasperReports

Exploiting ShoreTel Communicator through Situational Awareness

Benjamin Caudill

Recently, the Rhino Security Labs team was tasked with an internal network assessment for a predominantly Windows environment. There are some bells that go off immediately in an assessor’s mind when within a…