Ofir Yakobi, Author at Orca Security

Azure Machine Learning Escalation: When Pipelines Go Off the Rails

Microsoft Azure

Azure Machine Learning Escalation: When Pipelines Go Off the Rails

Table of contentsExecutive summaryA quick introduction to Azure Machine LearningHow AML pipelines are commonly usedHow the privilege escalation vulnerability could...

Ofir Yakobi

Jul 02, 2025

Bringing Memory to AI: A Look at A2A and MCP-like Technologies Across Platforms

Research

Bringing Memory to AI: A Look at A2A and MCP-like Technologies Across Platforms

Over the last year, we've witnessed a pivotal shift in how large language models (LLMs) are used - not just...

Ofir Yakobi Shir Sadon

May 19, 2025

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

Technical Deep Dives

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

In the world of software development, automation is a huge time-saver, and GitHub Actions is one of the best tools...

Ofir Yakobi

Sep 05, 2024

Meet AI Goat: The First Open Source AI Security Learning Environment Based on the OWASP Top 10 ML Risks

Technical Deep Dives

Meet AI Goat: The First Open Source AI Security Learning Environment Based on the OWASP Top 10 ML Risks

We’re excited to announce that the Orca Research Pod has launched AI Goat, the first open source AI security hands-on...

Ofir Yakobi Shir Sadon

Aug 08, 2024

How to Detect and Mitigate CVE-2024-6387: a Critical RCE Vulnerability in OpenSSH

Orca Platform

How to Detect and Mitigate CVE-2024-6387: a Critical RCE Vulnerability in OpenSSH

A critical Remote Unauthenticated Code Execution (RCE) vulnerability has been discovered in OpenSSH server (sshd) on glibc-based Linux systems (Ubuntu,...

Ofir Yakobi

Jul 01, 2024

Leveraging Nuclei Templates to Identify Risks and Threats in Critical Cloud Applications

Technical Deep Dives

Leveraging Nuclei Templates to Identify Risks and Threats in Critical Cloud Applications

Table of contentsBuilding the vulnerable scenariosScenario 1: Web application vulnerabilityScenario 2: CI/CD server vulnerabilityAutomated vulnerability detection using Nuclei templatesScenario 1:...

Ofir Yakobi

Apr 03, 2024

POC and Explanation of Critical TeamCity Authentication Bypass Vulnerability (CVE-2024-27198)

‘Orca Watch’ Series

POC and Explanation of Critical TeamCity Authentication Bypass Vulnerability (CVE-2024-27198)

With 84% of vulnerable and exposed TeamCity servers likely already compromised, the recent issue in JetBrains’ TeamCity illustrates how a...

Ofir Yakobi Neil Carpenter

Mar 20, 2024

How the Sys:All Loophole Allowed Us To Penetrate GKE Clusters in Production

Discovered Vulnerabilities

How the Sys:All Loophole Allowed Us To Penetrate GKE Clusters in Production

Following our discovery of a critical loophole in Google Kubernetes Engine (GKE) dubbed Sys:All, we decided to conduct research into...

Ofir Yakobi

Jan 24, 2024

All articles by Ofir Yakobi

Azure Machine Learning Escalation: When Pipelines Go Off the Rails

Bringing Memory to AI: A Look at A2A and MCP-like Technologies Across Platforms

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

Meet AI Goat: The First Open Source AI Security Learning Environment Based on the OWASP Top 10 ML Risks

How to Detect and Mitigate CVE-2024-6387: a Critical RCE Vulnerability in OpenSSH

Leveraging Nuclei Templates to Identify Risks and Threats in Critical Cloud Applications

POC and Explanation of Critical TeamCity Authentication Bypass Vulnerability (CVE-2024-27198)

How the Sys:All Loophole Allowed Us To Penetrate GKE Clusters in Production

See Orca Security in Action

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons