Rhino Security Labs

Strategic & Technical Blog

Bypassing IP Based Blocking with AWS API Gateway

David Yesland
August 13, 2019

In external and red team engagements, we often come across different forms of IP-based blocking. This prevents things like password brute forcing, password spraying, API rate limiting, and other forms of IP blocking like web application…

Escalating AWS IAM Privileges with an Undocumented CodeStar API

NVIDIA GeForce Experience OS Command Injection

CVE-2019-0227: Expired Domain to Remote Code Execution in Apache Axis

David Yesland

Apache Axis™ is a Simple Object Access Protocol (SOAP) engine. During a recent red team engagement, we came across an install of an old version of Apache Axis, version 1.4. There are now newer versions such as Apache Axis2, Apache CXF, and…