Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @RhinoSecurity
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @RhinoSecurity
-
Rhino Security Labs proslijedio/la je Tweet
Cloud-related research releases from the
@RhinoSecurity#infosec#pentest#bugbounty https://github.com/RhinoSecurityLabs/Cloud-Security-Research …pic.twitter.com/qkSweHLQWIHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Rhino Security Labs proslijedio/la je Tweet
If you were not able to make it to
@artintoscience con today and missed@rodsoto and my talk on creating a Unified Cloud Data Model https://buff.ly/2TBNlab . Here is the next best thing, demo video https://buff.ly/3709N0c .pic.twitter.com/BfIpUYL0ws
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Rhino Security Labs proslijedio/la je Tweet
The
@RhinoSecurity blog has been very quiet for the last month(s). /me suspects lots of secret work on the background. SaaS?Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Rhino Security Labs proslijedio/la je Tweet
We are publishing 2 part article on Hunting for Capital One Breach TTPs in
#AWS logs using#AzureSentinel. Part 1: https://techcommunity.microsoft.com/t5/Azure-Sentinel/Hunting-for-Capital-One-Breach-TTPs-in-AWS-logs-using-Azure/ba-p/1014258 …
Thanks to @RhinoSecurity for#Cloudgoat toolkit.pic.twitter.com/UNXombv4F3
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Rhino Security Labs proslijedio/la je Tweet
Yesterday we had an amazing workshop on AWS Penetration Testing where we got to play with
@RhinoSecurity's Cloud Goat and Pacu. Thank you to all the attendees and to the people at Rhino for sending us some swag!pic.twitter.com/ndrpZsIfLP
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Rhino Security Labs proslijedio/la je Tweet
Wait is over .. Read final part 2 which is focused on aws log data ingestion ,
#hunting and investigation of Capital one breach TTPs in#AzureSentinel https://techcommunity.microsoft.com/t5/Azure-Sentinel/Hunting-for-Capital-One-Breach-TTPs-in-AWS-logs-using-Azure/ba-p/1019767 … https://twitter.com/ashwinpatil/status/1196455153009774592 …pic.twitter.com/wgEyeIocB3
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
AWS joins GCP and Azure in protecting the instance metadata service, including additional session-based features that other cloud providers don't havehttps://amzn.to/35lDZSl
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Check out part one of
@ashwinpatil's two-part series on the Capital One Breach! In this post, he walks through how to set up and complete the CloudGoat cloud_breach_s3 scenario.http://bit.ly/2OsN0CcHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Rhino Security Labs proslijedio/la je Tweet
#AWS IAM Privilege Escalation Methods : A good list of 28 to have in mind when building an architecture and reviewing risks!@RhinoSecurity@SpenGietz https://buff.ly/30YnSrA pic.twitter.com/oZSB67qcbB
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Check out our latest blog post, a walkthrough of the 3 different vulnerabilities discovered by
@daveysec in the LabKey Server--stored XSS, CSRF leading to RCE, and XXE allowing arbitrary file read:http://bit.ly/2WmTCpfHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Rhino Security Labs proslijedio/la je Tweet
Got AWS keys in a pentest or through a bug bounty program? Check out these 28 AWS IAM privilege escalation methods I put together on GitHubhttps://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
In case you missed it, check out our most recent blog post on CVE-2019-16116: CompleteFTP Server Local Privilege Escalationhttp://bit.ly/35TLxg6
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Rhino Security Labs is hiring! We're looking for an Associate Penetration Tester and an Associate Cloud Penetration Tester. Apply at the link below.
#infosecjobshttp://bit.ly/2IZkGpkHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Rhino Security Labs proslijedio/la je Tweet
AWS auditing tools. Something for everyone. - Defensive - Offensive - Continuous Monitoring - DFIR - Development Security - S3 Buckets Auditing - Training - Otherhttps://github.com/toniblyx/my-arsenal-of-aws-security-tools …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
CVE-2019-16864 from Rhino assessor
@be0vlk: CompleteFTP versions <12.1.4 have broken access controls in SSH, which allow remote code execution as SYSTEM via the "exec" command for any authenticated Windows user. Check out the PoC on our GitHub: http://bit.ly/31Z6FiQ pic.twitter.com/LfAi3Zl66u
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Rhino Security Labs proslijedio/la je Tweet
So AWS Cloudfront protects against http desync / request smuggling attacks, but ALB is still vulnerable. I contacted
@AWSSecurityInfo and their response was that the vulnerability fix will be a *configurable option* and to contact support. Not a good look imopic.twitter.com/hIL7TN7pha
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
If you're not familiar with CCAT, you can also check out our blog about using CCAT with AWS!https://rhinosecuritylabs.com/aws/cloud-container-attack-tool/ …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
We just merged in
@itgel_ganbold's latest pull request to CCAT, which adds support for GCP to each of the existing modules! Check it out here:http://bit.ly/30I9ljwPrikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
New blog! This post is a walkthrough of CVE-2019-16116 in CompleteFTP, which allows an attacker to hijack the admin account & run arbitrary code with SYSTEM privileges.http://bit.ly/2moIPgK
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
We're
#hiring for two penetration testing roles! You can apply at the links below. Associate Cloud Penetration Tester - https://rhino-security-labs.workable.com/j/55E93E2E2A Associate Penetration Tester - https://rhino-security-labs.workable.com/j/6978653D44 Or check out our careers page!https://rhinosecuritylabs.com/careers/#open-positions …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.