Rhino Security Labs Blog

Posted in Penetration Testing, Research

Penetration Testing AWS Storage: Kicking the S3 Bucket

AWS Cloud

In our last AWS penetration testing post, we explored what a pentester could do after compromising credentials of a cloud server. In this installment, we’ll look at an Amazon Web Service (AWS) instance from a no-credential situation and specifically, potential security vulnerabilities in AWS S3 “Simple Storage” buckets. After walking through the AWS S3 methodology, […]

Posted in Information Security, Penetration Testing

The Business Case for Penetration Testing Your Network

Penetration Test ROI

There are two vernaculars spoken in every organization: technical and non-technical. Any technical person has experienced the frustration of explaining technical details and why they’re important, just to have a non-technical person stare blankly back at them. It’s no surprise then that conveying the value of a penetration test can fall on deaf ears when […]

Posted in Research

Unitrends Vulnerability Hunting: Remote Code Execution (CVE-2017-7280) – Chapter 2

This is chapter two of a two part series on Remote Code Execution (RCE) vulnerability hunting in Unitrends. Fixes to these bugs are available in the latest Unitrends update. The exploits for the Unitrends vulnerabilities mentioned in this security research series can be found on the Rhino Security GitHub page. In chapter one of this […]

Posted in Research

Unitrends Vulnerability Hunting: Remote Code Execution (CVE-2017-7280) – Chapter 1

This is chapter one of a two part series on Remote Code Execution (RCE) vulnerability hunting in Unitrends. Fixes to these bugs are available in the latest Unitrends update. The exploits for the Unitrends vulnerabilities mentioned in this security research series can be found on the Rhino Security GitHub page. What is Unitrends? Unitrends is […]

Posted in Application Security, Penetration Testing

Username Enumeration on RSA 2017

RSA is a major information security conference in San Francisco every spring. With a tagline of “where the world talks security”, RSA is the epicenter of new infosec technologies. Yet despite the tagline, the security of the conference itself leaves attendees exposed. Through the normal registration process, Rhino Security Labs researchers identified vulnerabilities allowing an […]

Posted in Research

UNIX Nostalgia: AIX Bug Hunting Part 2 – Bellmail Privilege Escalation (CVE-2016-8972)

The exploits for the IBM AIX vulnerabilities mentioned in this security research series can be found on the Rhino Security GitHub page. In our previous blog-post, we started the conversation by working with vulnerabilities which had been previously reported but were reintroduced, either by regression or incomplete patching of the respective issues. With this installment […]

Posted in Research

UNIX Nostalgia: Hunting for Zeroday Vulnerabilities on IBM AIX

The exploits for the IBM AIX vulnerabilities mentioned in this security research series can be found on the Rhino Security GitHub page. INTRODUCTION: During a recent network penetration test, we had stumbled upon an instance of IBM AIX running behind an important e-commerce endpoint. While much of the environment was made of Linux servers, what […]

Posted in Miscellaneous

The Newest Rhino: Bringing on Hector Monsegur

As outlined in a recent Wired article, Rhino Security Labs is proud to announce our new Assessment and Research Team lead, Hector Monsegur.  An extraordinary security researcher, Hector (once known by the Anonymous pseudonym ‘Sabu’) brings his unrivaled experience to improve the security of our clients.  A contractor for the last year, Hector was integrated […]

Posted in Network Security, Penetration Testing

Operation OwnedCloud: Exploitation and Post-exploitation Persistence

For a recent engagement Rhino Security Lab’s was recruited to assess an internal network whose predominant operating system was Windows. After running tertiary scans and audits, nothing seemed to jump out at us besides an open OwnCloud webserver. Owncloud is a private storage solution that is easy to install and customize based on your environment. […]

Posted in Information Security, Miscellaneous

Gotta Watch ’em All: Pokémon Go Permissions

  Pokémon Go is taking the world by storm. Millions of downloads and huge stock bumps have Niantic Labs as the next big company to watch in the gaming industry; however, due to a security misconfiguration by Niantic Lab’s, they may be the ones watching you. Pokémon Go is available for both iOS and Android, […]