Rhino Security Labs

Strategic & Technical Blog

Abusing VPC Traffic Mirroring in AWS

Spencer Gietzen

There are many reasons that a person might want to monitor the network traffic in a cloud environment–for both offensive and defensive purposes. Passive network inspection can be difficult in the cloud and would previously require…

Exploiting AWS ECR and ECS with
the Cloud Container Attack Tool (CCAT)

The Capital One Breach
& “cloud_breach_s3” CloudGoat Scenario

AWS IAM Privilege Escalation – Methods and Mitigation – Part 2

Spencer Gietzen

IAM privilege escalation in AWS occurs when an IAM resource (such as a user, group or role) is able to abuse their permissions to grant themselves even more permissions than they originally had. It continues to be one of the most prevalent…