Rhino Security Labs

Strategic & Technical Blog

CloudGoat goes Serverless:
A walkthrough of Vulnerable Lambda Functions

Mitch Fentz

CloudGoat is Rhino Security Labs’s AWS pentest training tool, deploying “vulnerable by design” AWS infrastructure to exploit it safely (and legally) in your own environment. This blog post will walk through the new vulnerable_lambda…

Cloud Malware:
Resource Injection in CloudFormation Templates

CloudGoat ECS_EFS_Attack Walkthrough

GKE Kubelet TLS Bootstrap Privilege Escalation

Jack Ganbold

Kubernetes is becoming increasingly popular and the de facto standard for container orchestration. In recent Google Cloud Platform (GCP), Amazon Web Service (AWS), and Azure cloud pentests, we have seen many of our clients using Kubernetes…