Rhino Security Labs

Strategic & Technical Blog

Using AWS Account ID’s for IAM User Enumeration

Benjamin Caudill

In our AWS IAM post from last week, we highlighted a technique that penetration testers can use to automate the process of enumerating the IAM roles of other AWS accounts. As long as the attacker knows the victim’s AWS account ID,…

GDRP and Penetration Testing: What You Need to Know

Security for SaaS Companies:
Leveraging Infosec for Business Value

AWS Essentials: Top 5 Tests for Penetration Testing AWS

Benjamin Caudill

In recent weeks, there have been a number of AWS (Amazon Web Services) breaches revealing several different types of vulnerabilities including leaky S3 buckets, misconfigurations and compromised AWS environments. Techniques for assessing…