Rhino Security Labs

Strategic & Technical Blog

SleuthQL: A SQL Injection Discovery Tool

Dwight Hohnstein
May 22, 2018

Burp Suite is the de facto standard of web application auditing tools, simplifying the discovery and exploitation of application vulnerabilities. Burp’s “Active Scanner” identifies a range of application flaws – from missing…

Authenticated File Read Vulnerability in JasperReports (CVE-2018-5430)

Exploiting ShoreTel Communicator through Situational Awareness

Amazon’s AWS Misconfiguration: Arbitrary Files Upload in Amazon Go

Spencer Gietzen

Earlier this year, Amazon introduced Amazon Go, a brand-new kind of grocery store featuring automated check-out lines and no cashiers! These stores are poised to revolutionize the way that people shop for groceries.
On a very high level,…