Roi Nisimi, Author at Orca Security

LeakyCLI: AWS and Google Cloud Command-Line Tools Can Expose Sensitive Credentials in Build Logs

Discovered Vulnerabilities

LeakyCLI: AWS and Google Cloud Command-Line Tools Can Expose Sensitive Credentials in Build Logs

Table of contentsExecutive Summary:What are Azure, Gcloud and AWS CLI?Exposure of Serverless environment variablesAWS CLI LeakageGcloud CLI LeakageExploitation Proof of...

Apr 16, 2024

‘Leaky Vessels’ Docker Vulnerabilities Found in Many Cloud Environments: RunC (60%) and BuildKit (28%)

‘Orca Watch’ Series

‘Leaky Vessels’ Docker Vulnerabilities Found in Many Cloud Environments: RunC (60%) and BuildKit (28%)

On January 31st, Snyk unveiled the discovery of four novel container vulnerabilities that target the runC and BuildKit components within...

Feb 07, 2024

Sys:All: How A Simple Loophole in Google Kubernetes Engine Puts Clusters at Risk of Compromise

Discovered Vulnerabilities

Sys:All: How A Simple Loophole in Google Kubernetes Engine Puts Clusters at Risk of Compromise

The Orca Research Pod has uncovered a dangerous loophole in Google Kubernetes Engine (GKE) that could allow an attacker with...

Jan 24, 2024

Unauthenticated Access to GCP Dataproc Can Lead to Data Leak

Discovered Vulnerabilities

Unauthenticated Access to GCP Dataproc Can Lead to Data Leak

The Orca Research Pod has made an important discovery that puts Google Cloud Dataproc clusters at risk for data theft,...

Dec 12, 2023

Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack

Discovered Vulnerabilities

Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack

Bad.Build is a critical design flaw discovered by the Orca Research Pod in the Google Cloud Build service that enables...

Jul 18, 2023

From listKeys to Glory: How We Achieved a Subscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys

Discovered Vulnerabilities

From listKeys to Glory: How We Achieved a Subscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys

Here at Orca Security, our team of cloud researchers are continually pushing the cloud security limits to ensure that we...

Apr 11, 2023

Elastic IP Transfer: Identifying and Mitigating Risks from a New Attack-Vector on AWS

Research

Elastic IP Transfer: Identifying and Mitigating Risks from a New Attack-Vector on AWS

Elastic IPs (EIPs) are public and static IPv4 addresses provided by AWS. EIPs can be viewed as a pool of...

Jan 18, 2023

All articles by Roi Nisimi

LeakyCLI: AWS and Google Cloud Command-Line Tools Can Expose Sensitive Credentials in Build Logs

‘Leaky Vessels’ Docker Vulnerabilities Found in Many Cloud Environments: RunC (60%) and BuildKit (28%)

Sys:All: How A Simple Loophole in Google Kubernetes Engine Puts Clusters at Risk of Compromise

Unauthenticated Access to GCP Dataproc Can Lead to Data Leak

Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack

From listKeys to Glory: How We Achieved a Subscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys

Elastic IP Transfer: Identifying and Mitigating Risks from a New Attack-Vector on AWS

See Orca Security in Action

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons