Research Pod

Orca Security, as part of an ongoing research effort, discovered a vulnerability in the Databricks platform, and Databricks took swift...

A new critical Linux local privilege escalation vulnerability, found on Polkit's pkexec utility, was published and assigned CVE-2021-4034.

On Jan. 11, 2022, an HTTP Protocol stack remote code execution security vulnerability was identified. Microsoft assigned the CVE 2022-21907...

Orca Security’s vulnerability researcher, Tzah Pahima, discovered a vulnerability in AWS allowing file and credential disclosure of an AWS internal...

Orca's Research Team discovered a critical vulnerability that could allow an actor to create resources and access data of AWS...

In the third part of the Orca Security blog post series about Azure AD and IAM, Roee shares research on...

Table of contentsWhat are managed identities?Getting a managed identity access tokenThe known privilege escalation methodMy research objectivesEscalation to managed identities’...

Google’s approach to Identity and Access Management is relatively the most straightforward among the three major cloud providers.

A short tutorial on Azure Active Directory (AD) & IAM to lay the the groundwork for future posts.