07-25, 10:20–10:40 (US/Eastern), Room 2/3
Recent times showed that cloud cross-tenant vulnerabilities are very real and dangerous. Most vulnerabilities disclosed show that even if you do everything right in your cloud environment, you can still be at risk because of your cloud provider’s mistakes.
In this talk, we will explore some of the recent vulnerabilities we’ve found in Azure, explain their impact, and show how you could still defend against them in case of exposure. While this talk focuses on Azure, the methods apply to all cloud providers alike.
Tzah Pahima is a cloud security researcher in Orca Security’s vulnerability research team. He focuses on researching different cloud providers and exploiting flaws in the cloud ecosystem. His main specialties are vulnerability research and web security. Before joining Orca, Tzah served for five years in an Israeli military intelligence unit.
Yanir is a cloud security researcher in Orca Security’s vulnerability research team. Having years of experience in security and software, he hunts for vulnerabilities in the biggest cloud environments. He loves to search for practical, logical vulnerabilities with big impact.