Rhino Security Labs

@RhinoSecurity

Rhino Security Labs is a top penetration testing and security assessment firm with a focus on cloud (AWS, GCP, Azure), network, and web application pentesting.

Seattle, WA
Joined: February 2013

Tweets


  1. Retweeted
    Jan 20
  2. Retweeted
    Jan 15

    If you were not able to make it to con today and missed and my talk on creating a Unified Cloud Data Model . Here is the next best thing, demo video .

  3. Retweeted
    Jan 10

    The blog has been very quiet for the last month(s). /me suspects lots of secret work on the background. SaaS?

  4. Retweeted
    Nov 18, 2019
  5. Retweeted
    Dec 13, 2019

    Yesterday we had an amazing workshop on AWS Penetration Testing where we got to play with 's Cloud Goat and Pacu. Thank you to all the attendees and to the people at Rhino for sending us some swag!

  6. Retweeted
    Nov 20, 2019
  7. AWS joins GCP and Azure in protecting the instance metadata service, including additional session-based features that other cloud providers don't have

  8. Check out part one of 's two-part series on the Capital One Breach! In this post, he walks through how to set up and complete the CloudGoat cloud_breach_s3 scenario.

  9. Retweeted

    IAM Privilege Escalation Methods : A good list of 28 to have in mind when building an architecture and reviewing risks!

  10. Check out our latest blog post, a walkthrough of the 3 different vulnerabilities discovered by in the LabKey Server--stored XSS, CSRF leading to RCE, and XXE allowing arbitrary file read:

  11. Retweeted
    Oct 23, 2019

    Got AWS keys in a pentest or through a bug bounty program? Check out these 28 AWS IAM privilege escalation methods I put together on GitHub

  12. In case you missed it, check out our most recent blog post on CVE-2019-16116: CompleteFTP Server Local Privilege Escalation

  13. Rhino Security Labs is hiring! We're looking for an Associate Penetration Tester and an Associate Cloud Penetration Tester. Apply at the link below.

  14. Retweeted
    Oct 15, 2019

    AWS auditing tools. Something for everyone. - Defensive - Offensive - Continuous Monitoring - DFIR - Development Security - S3 Buckets Auditing - Training - Other

  15. Oct 8, 2019

    CVE-2019-16864 from Rhino assessor : CompleteFTP versions <12.1.4 have broken access controls in SSH, which allow remote code execution as SYSTEM via the "exec" command for any authenticated Windows user. Check out the PoC on our GitHub:

  16. Retweeted
    Oct 4, 2019

    So AWS Cloudfront protects against http desync / request smuggling attacks, but ALB is still vulnerable. I contacted and their response was that the vulnerability fix will be a *configurable option* and to contact support. Not a good look imo

  17. Oct 3, 2019

    If you're not familiar with CCAT, you can also check out our blog about using CCAT with AWS!

  18. Oct 3, 2019

    We just merged in 's latest pull request to CCAT, which adds support for GCP to each of the existing modules! Check it out here:

  19. Oct 1, 2019

    New blog! This post is a walkthrough of CVE-2019-16116 in CompleteFTP, which allows an attacker to hijack the admin account & run arbitrary code with SYSTEM privileges.

  20. We're for two penetration testing roles! You can apply at the links below. Associate Cloud Penetration Tester - Associate Penetration Tester - Or check out our careers page!
