
Rhino Security Labs
@RhinoSecurity
Followers: 7K, Following: 2K, Media: 52, Statuses: 4K
Rhino Security Labs is a top penetration testing and security assessment firm with a focus on cloud (AWS, GCP, Azure), network, and web application pentesting.
Seattle, WA
Joined February 2013
We’re growing the assessment team! Rhino Security Labs is hiring an Associate Pentester who has webapp pentest skills and a strong desire to learn more. Sound like you (or someone you know)? More info here:
apply.workable.com
Rhino Security Labs is a boutique cybersecurity assessment and penetration testing company focused on providing highly technical security engagements to our clients. For the security layman, we...
New Rhino Blog Post: Multiple CVEs in Infoblox NetMRI: RCE, Auth Bypass, SQLi, and File Read Vulnerabilities.
rhinosecuritylabs.com
While performing research on Infoblox's NetMRI network automation and configuration management solution, we discovered 5 vulnerabilities.
New Rhino Blog Post: CVE-2025-26147: Authenticated RCE In Denodo Scheduler.
rhinosecuritylabs.com
Rhino Security Labs found CVE-2025-26147 in Denodo Scheduler, an application administrators use to configure servers, databases, and specify forms of authentication.
New Rhino Blog Post: Newest Pacu Module: Secret Enumeration in Elastic Beanstalk.
rhinosecuritylabs.com
Pacu's newest scenario, enumerating Elastic Beanstalk for Secrets, was built to save users hours of testing during an AWS penetration test.
New Rhino Blog Post: CVE-2024-55963: Unauthenticated RCE in Default-Install of Appsmith.
rhinosecuritylabs.com
The Rhino research team decided to take a look at the Appsmith Enterprise Edition product. This led to the discovery of three new CVEs.
New Rhino Blog Post: CVE-2025-0693: AWS IAM User Enumeration.
rhinosecuritylabs.com
Rhino Security Labs discovered two username enumeration vulnerabilities in the AWS Web Console.
New Rhino Blog Post: CVE-2024-46507: Yeti Platform Server-Side Template Injection (SSTI).
rhinosecuritylabs.com
Yeti is a Forensic Intelligence platform and pipeline for DFIR teams. Rhino Security Labs will detail 2 security flaws that, combined, lead to unauthenticated RCE.
We're hiring for an Account Manager! Looking to grow in your sales career and build technical expertise on the way? We might be a fit - let's chat! Details and application:
apply.workable.com
New Rhino Blog Post: CloudGoat Official Walkthrough Series: ‘sqs_flag_shop’.
rhinosecuritylabs.com
This post walks through a new CloudGoat scenario, sqs_flag_shop in AWS.
New Blog Post: Vestaboard: Exploring Broken Access Controls and Privilege Escalation.
rhinosecuritylabs.com
During research on the Vestaboard web platform, the Rhino Security Labs research team identified three vulnerable instances of Broken Access Controls.
Now hiring: Associate Application Pentester. Does this sound like you? Now accepting applications!
apply.workable.com
New Blog Post: CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon.
rhinosecuritylabs.com
CVE-2024-2389 unauthenticated command injection vulnerability found in Progress Flowmon server.
New Blog Post: CVE-2024-2448: Authenticated Command Injection In Progress Kemp LoadMaster.
rhinosecuritylabs.com
This blog covers 2 vulnerabilities discovered by Rhino Security Labs in Kemp LoadMaster load balancers: CVE-2024-2448 and CVE-2024-2449.
New Blog Post: CVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMaster.
rhinosecuritylabs.com
CVE-2024-1212 is an unauthenticated command injection found in Progress Kemp LoadMaster load balancer's administrator web interface by Rhino Security Labs.
Big thanks to @dayzerosec for featuring Rhino CVE-2024-23724, Stored XSS in Ghost CMS leading to "Owner" takeover, on their most recent podcast. Day[0] reviews the full vulnerability details and provides expert analysis: