Rhino Security Labs

Strategic & Technical Blog

Java Deserialization Exploitation With Customized Ysoserial Payloads

David Yesland

During a recent application assessment at Rhino we identified a Java deserialization vulnerability which ended up leading to unauthenticated remote code execution. Exploitation of the vulnerability turned out to not be as simple as…

Fuzzing Left4Dead 2 with CERT’s Basic Fuzzing Framework

Weaponizing AWS ECS Task Definitions to Steal Credentials From Running Containers

CloudGoat AWS Scenario Walkthrough: “EC2_SSRF”

Sebastian Mora

CloudGoat is a tool that can help cloud training by providing vulnerable CTF-style AWS environments to help anyone learn about AWS security. This walkthrough will cover the CloudGoat attack simulation “ec2_ssrf”.
This challenge was…