Hacker News
- Command Injection Vulnerability in Progress Flowmon https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon/ 0 comments
- The Capital One Breach and “Cloud_breach_s3” CloudGoat Scenario https://rhinosecuritylabs.com/aws/capital-one-cloud_breach_s3-cloudgoat/ 2 comments
- Assume the Worst: Enumerating AWS Roles Through ‘AssumeRole’ https://rhinosecuritylabs.com/aws/assume-worst-aws-assume-role-enumeration/ 6 comments
- CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM https://rhinosecuritylabs.com/research/cve-2022-26113-forticlient-arbitrary-file-write-as-system%ef%bf%bc/ 9 comments netsec
- CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/ 9 comments netsec
- CVE-2021-41577: MITM to RCE in EVGA Precision X1 https://rhinosecuritylabs.com/research/cve-2021-41577-evga-precision-x1/ 24 comments netsec
- Buffer Overflow Leading to Code Execution in Left4Dead 2 https://rhinosecuritylabs.com/research/buffer-overflow-leading-to-code-execution-in-left4dead-2/ 10 comments netsec
- Privilege Escalation in Google Cloud Platform – Part 1 (IAM) https://rhinosecuritylabs.com/gcp/privilege-escalation-google-cloud-platform-part-1/ 4 comments netsec
- Abusing VPC Traffic Mirroring in AWS https://rhinosecuritylabs.com/aws/abusing-vpc-traffic-mirroring-in-aws/ 4 comments netsec
- Cloud Container Attack Tool: a new tool used to leverage Docker for attacks against AWS ECS and ECR https://rhinosecuritylabs.com/aws/cloud-container-attack-tool/ 2 comments netsec
- New Burp Suite extension: bypassing IP based blocking with AWS API Gateway https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/ 17 comments netsec
- New AWS "vulnerable by design" CloudGoat scenario inspired by the Capital One breach https://rhinosecuritylabs.com/aws/capital-one-cloud_breach_s3-cloudgoat/ 29 comments netsec
- CloudGoat, the "Vulnerable by Design" AWS Deployment Tool, Official Scenario Walkthrough: “rce_web_app” https://rhinosecuritylabs.com/aws/cloudgoat-walkthrough-rce_web_app/ 3 comments netsec
- Phishing Users with MFA on AWS https://rhinosecuritylabs.com/aws/mfa-phishing-on-aws/ 9 comments netsec
- CloudGoat 2 officially released: new & improved “vulnerable by design” AWS deployment tool https://rhinosecuritylabs.com/aws/introducing-cloudgoat-2/ 5 comments netsec
- Escalating AWS IAM Privileges with an Undocumented CodeStar API https://rhinosecuritylabs.com/aws/escalating-aws-iam-privileges-undocumented-codestar-api/ 3 comments netsec
- Attack vector for an S3 Ransomware https://rhinosecuritylabs.com/aws/s3-ransomware-part-1-attack-vector/ 6 comments netsec
- New Exploit in NVIDIA GeForce Experience Reported: OS Command Injection https://rhinosecuritylabs.com/application-security/nvidia-rce-cve-2019-5678/ 119 comments nvidia
- NVIDIA GeForce Experience OS Command Injection: CVE-2019-5678 https://rhinosecuritylabs.com/application-security/nvidia-rce-cve-2019-5678/ 58 comments netsec
- CVE-2019-0227: Remote Code Execution in Apache Axis https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/ 4 comments netsec
- NVIDIA Arbitrary File Writes to Command Execution CVE-2019-5674 https://rhinosecuritylabs.com/application-security/nvidia-arbitrary-file-writes-to-command-execution-cve-2019-5674/ 6 comments netsec
- Exploiting AWS 'AssumeRole' API for IAM enumeration https://rhinosecuritylabs.com/aws/aws-role-enumeration-iam-p2/ 4 comments netsec
- CloudGoat: Intentionally vulnerable AWS Environment in Terraform https://rhinosecuritylabs.com/aws/cloudgoat-vulnerable-design-aws-environment/ 4 comments netsec
- AWS Privilege Escalation - Methods and Mitigation https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/ 17 comments netsec
- SleuthQL - SQL Injection Discovery Tool https://rhinosecuritylabs.com/application-security/sleuthql-sql-injection-discovery-tool/ 8 comments netsec
- CSV Formula Injection vulnerability in AWS CloudTrail https://rhinosecuritylabs.com/aws/cloud-security-csv-injection-aws-cloudtrail/ 8 comments netsec
- Microsoft Azure CSV Injection https://rhinosecuritylabs.com/azure/cloud-security-risks-part-1-azure-csv-injection-vulnerability/ 6 comments netsec
- Evading CloudFlare: Bypass Cloud Security Protections with CFire https://rhinosecuritylabs.com/cloud-security/cloudflare-bypassing-cloud-security/ 13 comments netsec
- Check your S3 permissions https://rhinosecuritylabs.com/penetration-testing/penetration-testing-aws-storage/ 3 comments aws
- Penetration Testing AWS Storage: Exploiting S3 Access Management https://rhinosecuritylabs.com/penetration-testing/penetration-testing-aws-storage/ 23 comments netsec
- Unitrends Bug Hunting: Remote Code Execution (CVE-2017-7820) - Chapter 2 https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-2/ 6 comments netsec
- [deleted by user] https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/ 6 comments netsec
- Four Ways USB Drives Threaten Enterprise Security http://www.rhinosecuritylabs.com/4-ways-usb-drives-threaten-enterprise-security/ 7 comments sysadmin