All articles by Lidor Ben Shitrit

Blog

How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services

Lidor Ben Shitrit Jan 17, 2023

Blog

Unauthenticated SSRF Vulnerability on Azure Digital Twins Explorer

Lidor Ben Shitrit Jan 17, 2023

Blog

Unauthenticated SSRF Vulnerability on Azure Functions

Lidor Ben Shitrit Jan 17, 2023

Blog

Authenticated SSRF Vulnerability on Azure API Management Service

Lidor Ben Shitrit Jan 17, 2023

Blog

Authenticated SSRF Vulnerability on Azure Machine Learning Service

Lidor Ben Shitrit Jan 17, 2023

Orca Security Critical Cloud Security Threat update

Blog

Supply Chain Attack: CTX Account Takeover and PHPass Hijack Explained

Lidor Ben Shitrit Jun 13, 2022

Protestware malicious code found in NPM package node-ipc in Russia / Belarus, overwriting entire file systems with heart emojis to symbolize peace.

Blog

Open Source Package Risks in Cloud Environments and How It Relates to the Russian-Ukrainian Conflict

Lidor Ben Shitrit Apr 27, 2022

Orca researcher Lidor Ben Shitrit reveals how Log4 shell TTPs in an AWS cloud environment can be used to open up a Log4j security vulnerability

Blog

Unfolding the Log4j Security Vulnerability and Log4shell TTPs in AWS

Lidor Ben Shitrit Apr 13, 2022

A misconfigured service can play a crucial role in facilitating a Server Side Request Forgery (SSRF) attack. Oracle SSRF metadata can help predict it.

Blog

Oracle Server Side Request Forgery (SSRF) Metadata

Lidor Ben Shitrit Feb 08, 2022

See Orca in action

See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.