Benjamin Caudill

We’re growing the assessment team! Rhino Security Labs is hiring an Associate Pentester who has webapp pentest skills and a strong desire to learn more. Sound like you (or someone you know)? More info here: https://t.co/p3hcU2uyUn

New Rhino Blog Post: CVE-2024-55963: Unauthenticated RCE in Default-Install of Appsmith https://t.co/TYMCIrXYUY

Anyone doing logging specific to protecting LLM APIs? (Or looking at LLM attack signatures pre-exploit?) Looks like a big, unserved market as everyone rushes to roll out LLM features (and no idea how to monitor abuse)

We have never heard of this until yesterday. RhinoSecurity wrote a paper on AWS S3 extortion, the methodology in which it's deployed, and wrote a simple AWS CLI script to accomplish the task. It's 25 lines of Python code.

Good opportunity for those B2B sales folks looking to get into a more technical AM role

It took them 2 and a half years, but it looks like AWS has finally defeated the GuardDuty bypass using VPC Endpoints. Hats off to the team, but I’m going to miss this technique. https://t.co/x2s35MQih2

New Blog Post: CloudGoat: New Scenario and Walkthrough (sns_secrets) https://t.co/opL603txlU

OSS projects are like children: - The most fun is the initial creation - The headache grows as they do - Lots of people will tell you what you ‘should’ be doing (and very few will offer to help)

Those struggling with social anxiety or trust issues - consider AI as an alternative to therapy. I provided a few pages of my background, priorities, beliefs, etc and asked what “candid insights” I should know about myself. Learned more in 2 minutes than 10 years of therapy.

Caroline Ellison gets 24 months Ross Ulbright double life sentence Make it make sense