Rhino Security Labs

Strategic & Technical Blog

Technical Strategic Technical & Strategic Both
Compliance

Using AWS Account ID’s for IAM User Enumeration

Benjamin Caudill

In our AWS IAM post from last week, we highlighted a technique that penetration testers can use to automate the process of enumerating the IAM roles of other AWS accounts. As long as the attacker knows the victim’s AWS account ID,…

Read more
Compliance

GDPR and Penetration Testing: What You Need to Know

Compliance

Security for SaaS Companies:
Leveraging Infosec for Business Value

Technical Strategic Technical & Strategic Both
Categories
Clear Selection
API
Application Security
AWS
Azure
Buyer's Guide
Cloud Security
Compliance
Enterprise Security
GCP
Google Cloud
Internet of Things
Mobile Security
Network Security
News
Penetration Testing
Research
Social Engineering
Tool Development
Uncategorized
Compliance

AWS Essentials: Top 5 Tests for Penetration Testing AWS

Benjamin Caudill

In recent weeks, there have been a number of AWS (Amazon Web Services) breaches revealing several different types of vulnerabilities including leaky S3 buckets, misconfigurations and compromised AWS environments. Techniques for assessing…

Read more