All articles by Roi Nisimi

Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack

Research

Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack

Bad.Build is a critical design flaw discovered by the Orca Research Pod in the Google Cloud Build service that enables...

Jul 18, 2023

From listKeys to Glory: How We Achieved a Subscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys

Discovered Vulnerabilities

From listKeys to Glory: How We Achieved a Subscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys

Here at Orca Security, our team of cloud researchers are continually pushing the cloud security limits to ensure that we...

Apr 11, 2023

Elastic IP Transfer: Identifying and Mitigating Risks from a New Attack-Vector on AWS

Research

Elastic IP Transfer: Identifying and Mitigating Risks from a New Attack-Vector on AWS

Elastic IPs (EIPs) are public and static IPv4 addresses provided by AWS. EIPs can be viewed as a pool of...

Jan 18, 2023