Rhino Security Labs

Strategic & Technical Blog

Simplifying API Pentesting With Swagger Files

David Yesland

The current OpenAPI parsing and handling tools are not geared towards pentesting an API. We created Swagger-EZ to make getting up and running with API pentesting faster and less painful. The Github repository is here.
When auditing an API…

Cloud Breach: Compromising AWS IAM Credentials

AWS IAM Enumeration 2.0: Bypassing CloudTrail Logging

Using AWS Account ID’s for IAM User Enumeration

Benjamin Caudill

In our AWS IAM post from last week, we highlighted a technique that penetration testers can use to automate the process of enumerating the IAM roles of other AWS accounts. As long as the attacker knows the victim’s AWS account ID,…