Technical Deep Dives
Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions
In the world of software development, automation is a huge time-saver, and GitHub Actions is one of the best tools...
All articles by Ofir Yakobi
Technical Deep Dives
Meet AI Goat: The First Open Source AI Security Learning Environment Based on the OWASP Top 10 ML Risks
We’re excited to announce that the Orca Research Pod has launched AI Goat, the first open source AI security hands-on...
Orca Platform
How to Detect and Mitigate CVE-2024-6387: a Critical RCE Vulnerability in OpenSSH
A critical Remote Unauthenticated Code Execution (RCE) vulnerability has been discovered in OpenSSH server (sshd) on glibc-based Linux systems (Ubuntu,...
Technical Deep Dives
Leveraging Nuclei Templates to Identify Risks and Threats in Critical Cloud Applications
Table of contentsBuilding the vulnerable scenariosScenario 1: Web application vulnerabilityScenario 2: CI/CD server vulnerabilityAutomated vulnerability detection using Nuclei templatesScenario 1:...
‘Orca Watch’ Series
POC and Explanation of Critical TeamCity Authentication Bypass Vulnerability (CVE-2024-27198)
With 84% of vulnerable and exposed TeamCity servers likely already compromised, the recent issue in JetBrains’ TeamCity illustrates how a...
Discovered Vulnerabilities
How the Sys:All Loophole Allowed Us To Penetrate GKE Clusters in Production
Following our discovery of a critical loophole in Google Kubernetes Engine (GKE) dubbed Sys:All, we decided to conduct research into...
Personalized Demo
See Orca Security in Action
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.