Rhino Security Labs

Strategic & Technical Blog

Technical Strategic Technical & Strategic Both
Cloud Security

Abusing VPC Traffic Mirroring in AWS

Spencer Gietzen

There are many reasons that a person might want to monitor the network traffic in a cloud environment–for both offensive and defensive purposes. Passive network inspection can be difficult in the cloud and would previously require…

Read more
Cloud Security

Exploiting AWS ECR and ECS with
the Cloud Container Attack Tool (CCAT)

Cloud Security

The Capital One Breach
& “cloud_breach_s3” CloudGoat Scenario

Technical Strategic Technical & Strategic Both
Categories
Clear Selection
API
Application Security
AWS
Azure
Buyer's Guide
Cloud Security
Compliance
Enterprise Security
GCP
Internet of Things
Mobile Security
Network Security
News
Penetration Testing
Research
Social Engineering
Tool Development
Cloud Security

AWS IAM Privilege Escalation – Methods and Mitigation – Part 2

Spencer Gietzen

IAM privilege escalation in AWS occurs when an IAM resource (such as a user, group or role) is able to abuse their permissions to grant themselves even more permissions than they originally had. It continues to be one of the most prevalent…

Read more