Microsoft Dynamics Container Sandbox RCE via Unauthenticated Docker Remote API 20,000$ BountyOn 17.11.2021 I reported a critical security issue in Microsoft Dynamics Container Sandbox, that allows Microsoft Customers to setup a…Jun 1, 2022Jun 1, 2022
CyberArk Endpoint Manager Local Privilege Escalation CVE-2021–44049.On 25.10.2021 I reported a Local Privilege escalation vulnerability on CyberArk EPM which is used to help organization in enforcing least…Jan 14, 2022Jan 14, 2022
I Own Your “Cloud Shell”: Taking over “Azure Cloud Shell” Kubernetes Cluster Through Unsecured…“Azure Cloud Shell is a browser-based shell experience to manage and develop Azure resources.Feb 15, 2021Feb 15, 2021
Published inFAUN — Developer Community 🐾In Cloud we “Trust”: Wrong Kubernetes implementation by Google Cloud Platform & Microsoft Azure…Kubernetes is the leading container orchestration platform for SMB and enterprises that provides a fast deployment, load balancing, high…Jan 12, 2020Jan 12, 2020
Breaking out of the container without Zero Day — Can that happen to me?On the 30.5.2019 I Presented at OWASP Global AppSec Tel Aviv conference with my team leader Asher Genachowski.Nov 19, 2019Nov 19, 2019