Rhino Security Labs

Strategic & Technical Blog

Technical Strategic Technical & Strategic Both
Cloud Security

Cloud Breach: Compromising AWS IAM Credentials

Spencer Gietzen
October 29, 2018

With Pacu and our AWS Pentesting simulating attacks on cloud architecture, we often get questions about how keys get lost (or even statements that such an event is unlikely). To address these concerns we’ve written a blog post to walk…

Read more
Cloud Security

AWS IAM Enumeration 2.0: Bypassing CloudTrail Logging

Cloud Security

Using AWS Account ID’s for IAM User Enumeration

Technical Strategic Technical & Strategic Both
Categories
Clear Selection
Application Security
AWS
Azure
Buyers Guide
Cloud Security
Compliance
Enterprise Security
Internet of Things
Mobile Security
Network Security
News
Penetration Testing
Research
Social Engineering
Tool Development
Cloud Security

Assume the Worst:
Enumerating AWS Roles through ‘AssumeRole’

Spencer Gietzen

Amazon Web Services (AWS) IAM roles are sets of permissions that serve as a common way to delegate access to users or services. Roles can be bestowed to internal and external IAM users, AWS services, applications, and even external user accounts outside of AWS. …

Read more