Rhino Security Labs

Strategic & Technical Blog

Technical Strategic Technical & Strategic Both
AWS

CVE-2022-25165:
Privilege Escalation to SYSTEM in AWS VPN Client

David Yesland

The AWS VPN Client application is affected by an arbitrary file write as SYSTEM, which can lead to privilege escalation and an information disclosure vulnerability that allows the user’s Net-NTLMv2 hash to be leaked via a UNC path in a…

Read more
AWS

CVE-2021-38112:
AWS WorkSpaces Remote Code Execution

AWS

Cloud Malware:
Resource Injection in CloudFormation Templates

Technical Strategic Technical & Strategic Both
Categories
Clear Selection
API
Application Security
AWS
Azure
Buyer's Guide
Cloud Security
Compliance
Enterprise Security
GCP
Google Cloud
Internet of Things
Mobile Security
Network Security
News
Penetration Testing
Research
Social Engineering
Tool Development
Uncategorized
AWS

Downloading and Exploring AWS EBS Snapshots

Ryan Gerstenkorn

AWS EBS snapshots are static backups of AWS EBS volumes. In other words, they are copies of the disks attached to an EC2 Instance at a specific point in time. EBS snapshots can be copied across regions and accounts, or even downloaded and…

Read more