New Blog from @RhinoSecurity! IAMActionHunter: Query AWS IAM permission policies with ease

New Rhino Blog Post: CVE-2024-46506: Unauthenticated RCE in NetAlertx

New Rhino Blog Post: CVE-2024-46507: Yeti Platform Server-Side Template Injection (SSTI)

@MrHasanabas just caught this, sorry for the delay. DMd to chat

@tobalotv This research was actually released back in 2017 (we were bit ahead of the curve). Great there's interest in it again!

New Rhino Blog Post: CloudGoat Official Walkthrough Series: ‘sqs_flag_shop’

New Blog Post: CloudGoat: New Scenario and Walkthrough (sns_secrets)

New Blog Post: CloudGoat Official Walkthrough Series: ‘glue_privesc’

Cloudgoat: We've created scenario guidelines and example template scenario to help the community build new scenarios. Get started today -

New Blog Post: Vestaboard: Exploring Broken Access Controls and Privilege Escalation

Now hiring: Associate Application Pentester Does this sound like you? Now accepting applications!

New Blog Post: CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon

New Blog Post: CVE-2024-2448: Authenticated Command Injection In Progress Kemp LoadMaster

New Blog Post: CVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMaster

Big thanks to @dayzerosec for featuring Rhino CVE-2024-23724, Stored XSS in Ghost CMS leading to "Owner" takeover, on their most recent podcast. Day[0] reviews the full vulnerability details and provide expert analysis:

The best way to learn AWS Pentesting is with hands-on practice which is why we created CloudGoat - a free vulnerable by design AWS deployment tool. This video walks you through creating a free tier AWS account and launching the first scenario.

After reviewing 90+ candidates, we have selected Jason Taylor as the winner of our career coaching package! Jason will receive a full resume review, a technical interview, and personalized feedback from our penetration testing team.

New Blog Post: CVE-2024-23724: Ghost CMS Stored XSS Leading to Owner Takeover

Security research is key to quality penetration testing. In 2023 alone, we discovered & responsibly disclosed 12 CVEs. Stay tuned for new research dropping in 2024.

Spring 2024 Career Coaching applications are now closed, with 100+ submissions received! We will review all applications, and the selected candidate will be announced on February 26th.