Rhino Security Labs

Strategic & Technical Blog

Unauthenticated AWS Role Enumeration (IAM Revisited)

Spencer Gietzen

When attacking an AWS cloud environment, it’s important to leverage unauthenticated enumeration whenever possible. This kind of IAM recon can help you gain a better understanding of the environment itself, the users and applications that…

AWS IAM Privilege Escalation – Methods and Mitigation

Cloud Breach: Compromising AWS IAM Credentials

AWS IAM Enumeration 2.0: Bypassing CloudTrail Logging

Spencer Gietzen

With a major focus in cloud security architecture, we’ve released several attack vectors and security tools around AWS. Pacu brought the first AWS exploitation framework, CloudGoat a vulnerable-by-design cloud environment, and today we…