Shir @shirtamari
Head of Research @wiz_io 🧙♂️ | Tel Aviv, Israel | Joined December 2020
Tweets 235 | Followers 2K | Following 476 | Likes 404
😨 Wiz identifies risks in AI-as-a-Service platforms Cross tenant vulns found in Hugging Face! * Malicious pickle file → privesc in EKS, steal secrets * Malicious Dockerfile → RUN cmd in build, attack shared registry by @shirtamari & @sagitz_ wiz.io/blog/wiz-and-h…
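The "malicious pickle file" bullet above is the whole attack surface in one phrase: a pickle is a small bytecode program, and `pickle.loads` (and any `torch.load` that goes through it) will call whatever callable the stream names. The block below is an added example written for this page, not code from Wiz, Hugging Face or the tweet's authors. `EvilWeights` shows the mechanism with a deliberately harmless callable (`os.getenv`), and `scan_pickle` shows the check a platform can run before loading: a static walk over the opcode stream with `pickletools.genops` that flags `GLOBAL`/`STACK_GLOBAL` references to dangerous modules without ever executing the pickle. The module deny-list, the function names and the two-key "checkpoint" are assumptions constructed for the example.

```python
import pickle
import pickletools

# Modules whose callables have no business inside a model checkpoint. This deny-list is an
# assumption for the example (picklescan-style), not Hugging Face's or Wiz's policy.
DANGEROUS_MODULES = {"os", "posix", "nt", "subprocess", "builtins", "sys", "socket", "shutil", "runpy"}

# Opcodes that push a str; protocol-4 STACK_GLOBAL takes its module and name from the two
# most recent ones, so the scanner has to track them.
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}
MEMO_OPS = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}


class EvilWeights:
    """Unpickling calls whatever __reduce__ returns. os.getenv keeps the demo harmless;
    a real payload would return os.system or subprocess.Popen with a shell command."""

    def __reduce__(self):
        import os
        return (os.getenv, ("WIZ_PICKLE_DEMO_UNSET", "attacker callable ran during load"))


def make_malicious_pickle(protocol: int = 4) -> bytes:
    # Protocol 2 emits a GLOBAL opcode, protocol 4 emits STACK_GLOBAL; the scanner covers both.
    return pickle.dumps(EvilWeights(), protocol=protocol)


def make_benign_pickle() -> bytes:
    # Constructed stand-in for a checkpoint: plain containers and numbers, no class references.
    return pickle.dumps({"layer.weight": [[0.1, 0.2], [0.3, 0.4]], "layer.bias": [0.0, 0.0]},
                        protocol=4)


def unpickle_without_checks(data: bytes):
    # What a naive pickle.load / torch.load(weights_only=False) does: the payload runs here.
    return pickle.loads(data)


def scan_pickle(data: bytes) -> list[str]:
    """Static scan over the opcode stream; never executes the pickle.
    Returns one finding per reference to a module in DANGEROUS_MODULES."""
    findings = []
    pending = []  # consecutive string pushes, used to resolve STACK_GLOBAL's module/name
    for op, arg, pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            module, _, name = arg.partition(" ")  # pickletools gives "module name"
            if module in DANGEROUS_MODULES:
                findings.append(f"{op.name} {module}.{name} at offset {pos}")
        elif op.name == "STACK_GLOBAL" and len(pending) >= 2:
            module, name = pending[-2], pending[-1]
            if module in DANGEROUS_MODULES:
                findings.append(f"STACK_GLOBAL {module}.{name} at offset {pos}")
        if op.name in STRING_OPS:
            pending.append(arg)
        elif op.name not in MEMO_OPS:
            pending = []  # any other opcode breaks the module/name adjacency
    return findings


def load_checkpoint(data: bytes):
    """Refuse to deserialize anything the scan flags. A clean scan is still not a sandbox:
    for model weights, prefer a data-only format such as safetensors."""
    findings = scan_pickle(data)
    if findings:
        raise ValueError("refusing to unpickle: " + "; ".join(findings))
    return pickle.loads(data)


if __name__ == "__main__":
    evil = make_malicious_pickle()
    print("naive load returned:", unpickle_without_checks(evil))
    print("scan findings:", scan_pickle(evil))
    print("benign scan findings:", scan_pickle(make_benign_pickle()))
```

The scan is an allow/deny decision on module names only; it does not try to follow `REDUCE` arguments, so a payload that reaches a dangerous callable through an innocuous-looking module attribute would need a stricter allow-list (only the framework's own rebuild functions) rather than this deny-list.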
And while you're at it, listen to the quick special episode of Crying out Cloud that @edenkoby and I recorded earlier today with @shirtamari, in which we discuss their research findings and how risks like these might be avoided in the future. (2/2) youtu.be/UvsSuh4MfuA
We uploaded a backdoored AI model to @huggingface which we could use to potentially access other customers’ data✨ Here is how we did it - and collaborated with Hugging Face to fix it 🧵⬇️
We have been reverse engineering the XZ Utils backdoor and are sharing some initial findings: we've identified multiple hooking options to adapt to different environments, and a hardcoded fake public key that can appear in verbose SSH logs depending on attacker-controlled flags.
What a quick response from the best team
I've been looking into how the xz backdoor works and drew this sketch to make it easier to understand. I'll update it as new information comes to light ✨
Say hello to CISOasis.com — the world’s 1st cybersecurity meditation app 🌴
Indeed! It was so fun solving these crazy puzzles with the OG @exploit_sh💪🏻😎 Give it a spin and I assure you it will be worth every second of your time, as you will improve your debugging skills and Kubernetes knowledge! GG @shirtamari @nirohfeld @wiz_io k8slanparty.com/certificate/D3…
We (+@shirtamari) felt nostalgic, so we created a LAN Party 🛜 Only it won't be CS 1.6 this time - It's @kubernetesio network security challenges! ☸ Battle everything from @IstioMesh to @kyverno 🥊 Try it yourself! #k8slanparty k8slanparty.com
My @BlackHatEvents talk about #BingBang is live on YouTube! 🥳📽️ Watch how I hacked into a @bing admin panel (and SO much more) - all using a simple flaw in @Azure Active Directory 🔑👀 Check it out here 👉👉👉 youtu.be/l4hA2eZuMF8
Dive into our blog for an in-depth analysis of their audacious OAuth attack – from compromising a legacy account to gaining unrestricted access to corporate mailboxes. wiz.io/blog/midnight-…
Sketch of interpretation of Midnight Blizzard's attack flow based on @MsftSecIntel's blogpost (had to make a few assumptions, noted in grey). Big h/t to @cnotin and @EricaZelic for their analysis of this incident (links in thread) and to @LSecResearch for valuable input.
💥 BOOM! Introducing "Cloud Threat Landscape": our extensive (internal) cloud security incident database is now public! Explore 107 incidents, 96 threat actors, and 100+ attack techniques: wiz.io/cloud-threat-l…
Does anyone have any contact to share with the security folks at @replicate ? 🙏
☸️ Real-world (not a survey 😉) Kubernetes stats are hard to come by. Use our report to make informed decisions about your K8s deployments. #Kubernetes #k8s Examples: 💠 The most popular managed service? EKS 💠 Best cluster version hygiene? GKE 💠 Oldest version observed? 👇 1/
🆕 Announcing the EKS Cluster Games A new CTF event to help you identify and learn about common Amazon EKS security issues 5 scenarios You’ll learn the misconfigs & exploit them in a controlled environment By @wiz_io's @nirohfeld wiz.io/blog/announcin…
We've started a Kubernetes Capture The Flag challenge. It's all about AWS EKS, five different challenges, showing common mistakes in k8s environments that we found in our research. Give it a try! #EKSClusterGames eksclustergames.com
When was the last time you exploited a misconfiguration in an EKS cluster? Check out the new CTF @ronenshh and I built to test your skills and learn about common, real-life security issues in K8s and EKS eksclustergames.com
GAME ON! Today, we're launching our new CTF event — EKSClusterGames.com 🕹️ Test your Amazon EKS security skills in real-world scenarios. Prove your expertise, top the leaderboard, and get an official certificate 🏆 Kudos to our research team: @nirohfeld @ronenshh
Scott Piper @0xdabbad00 (18K followers, 327 following): Cloud security historian. Developed https://t.co/ZXFwkuyseC, CloudMapper, and Parliament. Founding team for @fwdcloudsec. Researcher at @wiz_io ✦
sagitz @sagitz_ (4K followers, 712 following): Cloud Security Researcher at @wiz_io • Microsoft Most Valuable Researcher 21/22/23 • Black Hat Speaker
Sam Curry @samwcyo (77K followers, 949 following): Hacker, bug bounty hunter. Run a blog to better explain web application security.
Justin Elze @HackingLZ (52K followers, 5K following): Hacker/CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
Florian Roth @cyb3rops (180K followers, 2K following): Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇
Nick Frichette @Frichette_n (5K followers, 2K following): Staff Security Researcher @datadoghq | former Pen Tester | he/him | OSCP OSWE | AWS Community Builder | Tweets are my own | Created https://t.co/QGWMJjuBzE
alon @41thexplorer (899 followers, 477 following): ✨ Leading research & AI @wiz_io ⚠️ @cloudvulndb maintainer 🎙️ https://t.co/DKKysajdfF producer
Kinnaird McQuade 💻.. @kmcquade3 (5K followers, 2K following): Founder/CTO @NightVision_inc. Security Researcher, OSS author. Posts on cybersecurity and cloud. Alum @Square, @Salesforce, @Synopsys | 🇵🇭🇺🇸
gafnit @gafnitav (1K followers, 60 following)
Clint Gibler @clintgibler (19K followers, 575 following): 🗡️ Head of Security Research @semgrep 📚 Creator of https://t.co/xwtIAI0CuJ newsletter
0xor0ne @0xor0ne (55K followers, 526 following): | CyberSecurity | Reverse Engineering | C and Rust | Exploit | Linux kernel | PhD | My Tweets, My Opinions :) |
Aidan W Steele @__steele (8K followers, 2K following): I try to tweet novel things about AWS. “Shit-poster extraordinaire” according to @LastWeekInAWS. He/him. AWS Serverless Hero
Ami Luttwak @amiluttwak (1K followers, 164 following): CTO @wiz_io, a leader in cloud security, proudly working with Wiz Research team on cloud vulnerabilities #ChaosDB #OMIGOD. Leading the effort for #CloudCVE.
shubs @infosec_au (50K followers, 2K following): Co-founder, security researcher. Building an attack surface management platform, @assetnote
Tom Orbach @TomOrbach (3K followers, 593 following): ☁️ Head of Growth Marketing at Wiz | ✍️ Writing MarketingIdeas{.}com | 🎊 Built and sold the Viral Post Generator
Raaz @RaazHerzberg (343 followers, 260 following): Building cloud security products ✨ VP product strategy at @wiz_io 🧙♀️ prev @MSAzureSentinel. @Forbes 30 Under 30.
Amitai Cohen 🎗️ @AmitaiCo (1K followers, 574 following): ✦ researching threats @wiz_io 🐞 maintaining vulns @cloudvulndb 🎙️ casting pods @ https://t.co/9Jsah9BjbO 🦣 https://t.co/Qass9GdKfX
CarolineChurch @yqCHpFIH63E0Vb (0 followers, 130 following)
TheresaSenior @1o73lwa1bi8l9B (0 followers, 105 following)
🄲🅈🄱🄴🅁 .. @Cyber_Asia_ (3K followers, 399 following): Follow us for the latest #cybersecurity news in Asia Pacific.
Irad Aharoni @IradAharoni (79 followers, 1K following)
dorban @dorban15 (13 followers, 78 following)
Brad @EyEmBrad (124 followers, 119 following)
Seighez @Seighez472650 (2 followers, 177 following)
Illusion31 @Keshavan3107 (2 followers, 2K following): Security Enthusiast | Bug Hunter | VAPT | Pentest | Red Teaming
SusanHobbes @Sa8TmgZcJEDA60 (0 followers, 183 following)
Contrary Research @Contrary_Res (13K followers, 103 following): The best starting point for understanding private tech companies. Powered by @contrary. Subscribe to our newsletter below:
vimvamvum @RyanF57787992 (22 followers, 132 following)
tonghuaroot @tonghuaroot (99 followers, 553 following): Staff Security Engineer. Cyber Security enthusiast, not Hacker. Focus on Application Security, Penetration testing. #OSCP #RedTeam #AppSec #WebSecurity
ritchie876 @ritcman1 (437 followers, 5K following)
Nagli @naglinagli (94 followers, 156 following): Hebrew-language account. Hacker, Entrepreneur, Founder @shockwave_sec Bug Bounty Hunter - Top 5 all time on HackerOne & Top 20 BugCrowd Main - @galnagli
Amit Netzerel @AmitNetzerel (1 follower, 55 following)
Adel Ka @0x4D31 (3K followers, 2K following): full-stack threat detection engineer at @Nianticlabs | x-google lead security engineer, d&r. views are my own, not my employer's!
vuanhtuan @TuanVuAhn (64 followers, 862 following)
K1nz @viet_kien16450 (97 followers, 2K following)
Dat Dora @DatDora (2 followers, 124 following)
Pranay @ps_shas (83 followers, 431 following): Learn, unlearn & Re-Learn. Interested in cloud & security 📖📚👨💻🇮🇳
Shivam S. @thecybersapien (148 followers, 578 following): 👨💻 Security Researcher 💪 Volunteer at @dc_9111 📝 Technical Content Writer 🚩 Let's make our life more secure
Shah Mijanur ♠ @mijanurrax (507 followers, 5K following): Security Maven @123rf @pixlr @DesignsdotAI ~Vi veri universum vivus vici
Sharath Manuel @manuel_sharath (161 followers, 3K following)
Abhimanyu Dhamija @dhamijaabhi (709 followers, 664 following)
lemonsleep @lemonsleep (58 followers, 681 following)
0xDbg @0x_dbg (88 followers, 71 following)
longshort_TMT @longshort_TMT (1K followers, 594 following): mostly software. factor neut bc no free rides
Santosh Achary @_santoshachary (175 followers, 779 following): 🧘 Cybersecurity || Technology || Programming 👨💻
The Disci @the_discip (118 followers, 1K following): Founder x2, Exit x1, Eng Mgr @ FANGMAN, Tech, Crypto, Investing, Poker
Guillaume Salou @guillaume_salou (1K followers, 1K following): ML Infrastructure Lead @Huggingface, ex AI IT Director @OVHcloud, Father x3
Vladimir @v4fs_ (62 followers, 236 following)
Kirito (e/acc) 🏴.. @bronzeagepapi (3K followers, 5K following): engineer scientist artist –– moloch disrespectoor // qualia connoisseur // tensor whisperer // epistemology enjoyer // kardashev mechanic // bounty hunter
SecMyOps @SecMyOps (1 follower, 299 following)
harsha vardhan @harshakp06 (102 followers, 2K following)
Yoni Rozenshein @1yoni (275 followers, 388 following): Security, internals, cryptography, math, and AI. Monitoring LLM cyber capabilities at Pattern Labs.
nü @tcpdumb_ (185 followers, 901 following)
TAS @p0wnsauc3 (878 followers, 362 following)
eden koby @edenkoby (13 followers, 94 following)
Chandrakanth B N @ckpairee (5K followers, 6K following): Serial #Entrepreneur #DigitalMarketer Founder and CEO at Pairee #ITServices #DigitalAdoption #Leadership #LearningSolutions #Technology #LeadershipCoach
winsherter @GWinsherter (87 followers, 427 following)
Quốc Khang @monkeonyourroof (15 followers, 101 following)
Yarden Shafir @yarden_shafir (19K followers, 272 following): A circus artist with a visual studio license
Corey Quinn @QuinnyPig (99K followers, 977 following): Chief Cloud Economist at @DuckbillGroup. Father to @QuinnyPiglet & @theMunchQuinn. he/him Get my snarky take on AWS news: https://t.co/aGVMZnGzSV
cts🌸 @gf_256 (52K followers, 624 following): Co-founder @zellic_io & @pb_ctf | YT: https://t.co/nlNai6iQCn Prev: Vector35, Grayshift, Two Sigma, Dfsec | 23yo hacker femboy
Zero Day Initiative @thezdi (77K followers, 17 following): Trend Micro’s Zero Day Initiative (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
Nicolas Krassas @Dinosn (122K followers, 735 following): Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3
[email protected].. @0xdea (12K followers, 19 following): When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.
Contrary @contrary (13K followers, 54 following): We back the bold // Publishing research on private tech companies @contrary_res
Big Tech Alert @BigTechAlert (87K followers, 0 following): Follow what the CEOs and other high executives from Big Tech companies do on Twitter. DMs are open for feedback
Dan ⚡️ @d4m1n (13K followers, 970 following): Likes to design & develop UIs, but also likes pizza 🍕 🚀 https://t.co/HHy5ZSxmDC 🎙️ https://t.co/TAw47xELkZ 🐈 https://t.co/k4ajuJIm13 🏏 https://t.co/A36yDuGo6Y ⌚️ https://t.co/Eti46eqg1w 👾 https://t.co/B7G8BFMcen
Michael Girdley @girdley (214K followers, 2K following): CEO of an 11-business, 600-person holding company. Fireworks, software, +9 more. Writing about holding co's, starting businesses, life, and leading.
Crazy Clips @crazyclipsonly (3.2M followers, 178 following): Crazy clips posted daily. Unbelievable viral videos & more! Viewer discretion is advised.
Clint Fiore 🦬 DM f.. @ClintFiore (48K followers, 896 following): Follow me for Small Business Buying/Selling Info. Join my newsletter for Deals. Building the most trusted M&A / Business Brokerage in the USA: Bison Business.
bburky @bburky (59 followers, 53 following)
Boaz Maoz @boazmaoz (712 followers, 1K following): Managing Director, Google Cloud Israel. Tweets are my own
James Kettle @albinowax (70K followers, 83 following): Director of Research at PortSwigger Burp Suite. Check out my website for published research, other social platforms & contact details
Omer Mosheiov @omermshv (12 followers, 48 following)
Juan Linietsky @reduzio (56K followers, 96 following): Husband, @GodotEngine Creator and Technical Lead. I only tweet about Godot updates and new features. @[email protected]
Godot Engine @godotengine (114K followers, 829 following): Your free, open-source game engine 🎮🛠️ Develop your 2D & 3D games, cross-platform projects, or even XR ideas!
IAMERICA @EricaZelic (7K followers, 4K following): Still exploiting weak passwords for fun and profit. Your perception is not my reality. Posts don't represent my employer(s).
ElevenLabs @elevenlabsio (65K followers, 11 following): Our mission is to make content universally accessible in any language and voice.
Denis Shiryaev 💙.. @literallydenis (5K followers, 586 following): CEO at https://t.co/SD0oaxYrjv, also ML-blogger a bit: https://t.co/SpxfF7Rh5V https://t.co/QUz7ZbJLvH
Tony Dinh 🎯 @tdinh_me (126K followers, 853 following): Indie hacker. 🧠 @TypingMindApp $33K/mo 🛠 @devutils_app $5.5K/mo 🪄 @blackmagic_so (Acquired, 2023) 📸 @XnapperHQ (Acquired, 2024)
Fear the Phantom (gam.. @Phantom_TheGame (9K followers, 532 following): Horror game developer, working on an open world horror game. Envelope: https://t.co/dHesEdGA6q Ko-fi: https://t.co/TcL6GidOTK
gfodor.id @gfodor (24K followers, 2K following): Anti-physist technology brother. UAP bunker. Problems soluble, potential to improve invariant. e/acc, #bitcoin @web_spaces, @MozillaHubs
Rowan Cheung @rowancheung (497K followers, 377 following): Founder @therundownai. Sharing the latest developments in the world of artificial intelligence.
Leon Agmon @AgmonLeon (17 followers, 123 following)
Shahak Shapira @ShahakShapira (208K followers, 131 following): Don’t really care for this platform. Find me on Instagram or YouTube
Defold Engine @defold (6K followers, 528 following): Defold is a completely free to use and source available game engine for development of console, desktop, mobile and web games.
Barry Bogs @BogsBarry (668 followers, 91 following): Freelance Animator Looking For A More Permanent Full-Time Animation Home ♥ Views&Opinions are my own Business email: [email protected] 🏳️🌈
Olivia Moore @omooretweets (31K followers, 696 following): Consumer partner @a16z and twin to @venturetwins
Tom Ebeyer @tomebeyer (341 followers, 312 following): Bootstrap founder, digital nomad, and amateur philosopher leading @_aphantasia
Aphantasia Network @_aphantasia (4K followers, 461 following): Aphantasia is the inability to visualize. Join a global community of thinkers, creators, advocates & researchers exploring the image-free mind.
EleutherAI @AiEleuther (19K followers, 76 following): A non-profit research lab focused on interpretability, alignment, and ethics of artificial intelligence. Creators of GPT-J, GPT-NeoX, and VQGAN-CLIP
AI at Meta @AIatMeta (532K followers, 255 following): Together with the AI community, we are pushing the boundaries of what’s possible through open science to create a more connected world.
Mistral AI @MistralAI (91K followers, 0 following): Fast, open-source and secure language models. Join us https://t.co/INALdNGvCP
Databricks Mosaic Res.. @DbrxMosaicAI (30K followers, 115 following): We remove the barriers to state-of-the-art generative AI model development and make data + AI available to all.
Andrej Karpathy @karpathy (980K followers, 905 following): 🧑🍳. Previously Director of AI @ Tesla, founding team @ OpenAI, CS231n/PhD @ Stanford. I like to train large deep neural nets 🧠🤖💥
George Hotz 🌑 @realGeorgeHotz (248K followers, 174 following): President @comma_ai. Founder @__tinygrad__ 🔜
Old World: Wonde.. @SorenJohnson (12K followers, 477 following): Founder of @MohawkGames. Designer of Civ 3, Civ 4, Dragon Age Legends, Offworld Trading Company, and Old World. Mouth Breather. Big fan of @LeylaCatJ.
Dreaming Tulpa 🥓.. @dreamingtulpa (34K followers, 1K following): Coder and AI whisperer | 🇨🇭 | @aiia_dao Keeping up to date with Generative AI on https://t.co/JjX7INV1K5 Building https://t.co/0tHHSgyHnn More here 👉 https://t.co/8ES5KiPMND
Road to Vostok @roadtovostok (34K followers, 258 following): Road to Vostok is a hardcore single-player survival FPS game set in a post-apocalyptic border zone in Finland.
randy @primalrandy (11K followers, 0 following): I think about game development every second of every waking hour.
Bogomil Balkansky @BogieBalkansky (4K followers, 494 following): Partner at @Sequoia working with enterprise software companies. 20+ yrs product and marketing leadership @VMware, @GoogleCloud. https://t.co/FqsmCvWh6w
OSINTdefender @sentdefender (1.1M followers, 800 following): Open Source Intelligence Monitor focused on Europe and Conflicts across the World. RT ≠ Endorsement. Want to Support my Work? https://t.co/PcUbewvWPr
Micah Hausler @micahhausler (3K followers, 662 following): Principal Engineer working on EKS and Kubernetes Security at AWS. Opinions are my own. Bluesky: @micahhausler.com
Mohit Gupta @_Skybound (93 followers, 67 following): Principal Security Consultant @ WithSecure focusing on all things AWS and Kubernetes. More active on Slack so find me there
Costin Raiu @craiu (38K followers, 7K following): Romanian antihacker from another planet. #threatintel #yara #chess #taekwondo
The Spiffing Brit .. @TheSpiffingBrit (120K followers, 761 following): The proud Tea Lord of over 3 Million subscribers
Stable Diffusion 🎨.. @DiffusionPics (59K followers, 41 following): Stable Diffusion powered Generative AI Art 🖼️ Animation 🎞 & Research 🧪 by #StabilityAI 🤖 AI image generation #SDXL #ControlNet #AnimateDiff (Midjourney)
Some exciting news! I’ve been promoted to Staff Security Researcher! I’ll keep pushing the boundaries of cloud security :)
LLM Hacker 1: I convinced the LLM to tell me how to make a bomb. 😎 LLM Hacker 2: I tricked it into giving me discounted prices. 😎 Wiz's vuln research team: We got privileged RCE and potential cross-tenant access.🤷
Bro causally hacked HuggingFace's k8s cluster using a backdoored AI model
@shirtamari @jcfarris @sagitz_ @huggingface > for no good reason It made that error stop, what more reason do you need?
If you like Kubernetes and CTFs come help me hack the @wiz_io K8s LAN party tomorrow youtube.com/live/ChFfMSGbT…
Someone asked me for a copy of document that doesn't exist because a genAI hallucinated it to them and said I authored it. It feels weird that a robot had a dream about me.
We have identified the first evidence of a campaign that is actively exploiting AI workloads in the wild! 🚨Action required 🚨 @OligoSecurity incredible Research Team @avi_lum @gkpln3 has uncovered that billions of dollars of GPU resources funneled away from hundreds of…
I’ll be remembering Yagev Buchshtab, who Hamas said died today from a lack of food and medicine. I’ll be thinking of his poor widow, Rimon, who was also kidnapped on 10/07 and released in a hostage negotiation. I’m sure she is heartbroken at her loss and will have survivor's guilt.
The NEW exclusive interview with hacker extraordinaire @samwcyo on Crying Out Cloud is out! Join Eden Naftali and @AmitaiCo as they discuss bug-bounty hunting, AI in transportation, and tech vulnerabilities. 🎙️Listen here: open.spotify.com/episode/74PbJ9…
Just participated in the #K8sLANParty by @wiz_io! 🚀 An amazing journey through Kubernetes network vulnerabilities and misconfigurations! Ready to test your skills? Join the challenge here: k8lanparty.com Couldn't have done it without @k4kratik (gawd) k8slanparty.com/certificate/Sy…
Just finished the #K8sLANParty by @wiz_io! 🚀 An amazing journey through Kubernetes network vulnerabilities and misconfigurations! Ready to test your skills? Join the challenge here: k8lanparty.com I'm the HEROOOOOOOOO!!!!!!! k8slanparty.com/finisher/i86o3…
📚 tl;dr sec 222 ☁️ Top 10 CloudSec Strategies @NSAGov, @CISAgov 🛡️ Secure by Design @Google 🛠️ Claude 3 + fuzzing @moyix ☁️ CloudSec Maturity Model @rmogull 👩🎤 Music parody video @shehackspurple 📦 Kubernetes LAN party @nirohfeld, @shirtamari tldrsec.com/p/tldr-sec-222
We (@SaltSecurity ) could access *private* GitHub repos of *other* users, using....... ChatGPT! Open the comments below to understand exactly how👇
🚀 Big congrats to @daubsi, @bburky, and @dyslexicat for being among the first to dominate the K8s LAN Party Challenge — in less than 48 hours! Your Kubernetes & networks skills are impressive. 👏 See the full leaderboard here: k8slanparty.com/leaderboard
Ready to play in the K8s LAN Party? 🎮 Today, we're launching our new Capture The Flag event: 👾 K8sLANparty.com 👾 What's inside? • 5 mini-challenges focused on Kubernetes network security. • Real issues you might face, where you deploy your K8s environment (AWS,…