Shir @ fwd:cloudsec
Head of Research @wiz_io 🧙‍♂️
Apr 4, 2023 7 tweets 3 min read
Continuing the #BingBang thread, many have asked how we found the vulnerable Bing Trivia endpoint.

Let me share our unique Azure Active Directory cloud reconnaissance technique to find misconfigured authentication prompts 🧵 We wanted to scan the internet 🌎 and measure how many Azure customers mistakenly misconfigured their Azure App Service and Azure Functions authentication, allowing anyone to log in.
Sep 20, 2022 7 tweets 2 min read
Vulnerability full disclosure - New Oracle cloud vulnerability allowed users to access the virtual disks of other Oracle customers >> We found the vulnerability while working on the Wiz/Oracle cloud (OCI) integration. When trying to attach to another OCI user's virtual disk, we were surprised to find the operation succeeded! We received read/write access to disks in another account that did not belong to us 🤯
Aug 21, 2021 6 tweets 3 min read
(1/6) @awscloud just fixed a few more cross-account vulnerabilities that we found and reported during our AWS research >>>
@wiz_io @amiluttwak (2/6) Vulnerability #1: Cross-Account Lambda Invocation in AWS Config
Apparently, AWS Config could invoke Config-supported Lambda functions in other accounts (!)