News

Amazon AppFlow vulnerabilities: Undocumented API allowed reading partial secrets, SSRF in WooCommerce connector

OSRU @ Ronin // November 6, 2023

Amazon AppFlow is a fully managed integration service for transferring data between software-as-a-service (SaaS) applications (for example, Salesforce, Zendesk, Slack, and ServiceNow) and AWS services.

AWS CloudShell analysis: privileged container, exposed block devices and container escape(s)

OSRU @ Ronin // October 23, 2023

AWS CloudShell is a browser-based, pre-authenticated shell that you can launch directly from the AWS Management Console. It essentially is an ephemeral virtual machine with AWS CLI and other development tools pre-installed.

Tidy your data, it's a mesh

Neil Haskins | Co-Founder // July 22, 2022

Ronin is ready. Our world’s first Distributed Data Operating System was designed from a data first principle. In this white paper, we talk about step one on your Data Mesh journey, firstly understanding the concept.

To Consul or Not To Consul (CVE-2022-29153)

OSRU @ Ronin // April 15, 2022

The Offensive Security Research Unit at RONIN.AE discovered and responsibly disclosed a security vulnerability affecting HashiCorp’s Consul & Consul Enterprise all versions up to 1.9.16, 1.10.9, and 1.11.4; and was fixed in 1.9.17, 1.10.10, and 1.11.5.

Get the latest from Ronin.

Amazon AppFlow vulnerabilities: Undocumented API allowed reading partial secrets, SSRF in WooCommerce connector

OSRU @ Ronin // November 6, 2023

AWS CloudShell analysis: privileged container, exposed block devices and container escape(s)

OSRU @ Ronin // October 23, 2023

Tidy your data, it's a mesh

Neil Haskins | Co-Founder // July 22, 2022

To Consul or Not To Consul (CVE-2022-29153)

OSRU @ Ronin // April 15, 2022