Security research and development is key to quality penetration testing, and the core of our identity. With our pentesting services targeted at sophisticated attack capabilities, we're constantly pushing to identify new flaws in customer infrastructure and applications. From AWS security research and reversing web applications to adding to our suite of proprietary attack tools, we're relentless in pushing the envelope. By developing these unique capabilities, we do more than just grow the sophistication of our services - we support the security community as a whole.
To identify and demonstrate the risks in AWS cloud hosting, Rhino Security Labs developed a series of tools for blackbox testing of AWS environments.
Tools and techniques for targeting S3 buckets are demonstrated in this article.
With clients often leveraging cloud security tools, our research has included these platforms.
This cloud security bypass tool ("CFire") identifies misconfigurations in Cloudflare, allowing attackers to target the server directly.
The right zero-day vulnerability can bypass multiple layers of protection, and can prove useful in simulating advanced attackers. As part of our research efforts, we search for vulnerabilities in a range of applications and protocols, providing new attack vectors to sophisticated clients. But you don't need to be a client to benefit from this research; we adhere to a strict Vulnerability Disclosure Policy and work closely with vendors to get risks fixed - improving the security for everyone in the process.
As part of our IoT/Embedded Systems research, we looked at Epson projectors and the proprietary "EasyMP" authentication protocol. As part of this review, backdoor credentials and other vulnerabilities were identified, affecting millions of devices around the world.
With some of the foremost experts in UNIX security, kernel and driver code review has become a core competency. Inspecting the security-hardened IBM AIX Operating System, we found a number of previously unknown risks, including 3 privilege escalation flaws.
Backup servers contain some of the most sensitive data in the organization, often with less monitoring than production systems. To support a major assessment, new attacks were developed against the Unitrends Enterprise Backup Server, highlighting a series of risks in the process. Disclosure and partnership with the vendor have resulted in a more secure product for all Unitrends customers.
While some clients are opting for private cloud hosting, those applications still often have security issues. In this case, the open source ownCloud server was reviewed as part of a larger client engagement. Rhino Security Labs reverse engineered various proprietary functions, identifying authentication and SMB handling flaws.
CVE-2021-38112: AWS WorkSpaces Remote Code Execution
CVE-2021-21514: Dell OpenManage Server Administrator Arbitrary File Read
CVE-2020-5377: Dell OpenManage Server Administrator Arbitrary File Read
CVE-2020-13405: MicroWeber Unauthenticated User Database Disclosure
CVE-2019-9926: LabKey Server CSRF
CVE-2019-9758: LabKey Server Stored XSS
CVE-2019-9757: LabKey Server XXE
CVE-2019-5678: Command Injection in NVIDIA GeForce Experience Web Helper
CVE-2019-5674: NVIDIA Arbitrary File Writes to Command Execution
CVE-2018-8024: Apache Spark XSS vulnerability in UI
CVE-2018-5757: Authenticated RCE in AudioCodes 450HD Phone
CVE-2018-20621: MEmu Android Emulator Local Privilege Escalation
CVE-2018-1000110 - Jenkins Information Disclosure to Unauthenticated Users
CVE-2017-12861 - Epson Authentication Bruteforce Vulnerability
CVE-2017-12860 - Epson Hard-Coded Credentials Vulnerability
CVE-2017-7284 - Unitrends Enterprise Backup Privilege Escalation in users.php File
CVE-2017-7283 - Unitrends Enterprise Backup Remote Code Execution in restore.php File
CVE-2017-7282 - Unitrends Enterprise Backup Local File Inclusion
CVE-2017-7281 - Unitrends Enterprise Backup Remote Code Execution in reports.php File
CVE-2017-7280 - Unitrends Enterprise Backup Remote Code Execution in systems.php File
CVE-2017-7279 - Unitrends Enterprise Backup Privilege Escalation in Token Cookie
CVE-2016-9463 - NextCloud/ownCloud SMB User Authentication Bypass
CVE-2016-8972 - IBM AIX Bellmail Privilege Escalation Vulnerability
CVE-2016-6079 - IBM AIX lquerylv Local Privilege Escalation Vulnerability
CVE-2016-3053 - IBM AIX lmscode Local Privilege Escalation Vulnerability