Introducing the Prompt Airlines CTF: Test Your AI Security Skills
Wiz is excited to announce "Prompt Airlines," a new cloud security Capture The Flag (CTF) event focused on AI vulnerabilities.
Nir Ohfeld
Vulnerability Research
Nir Ohfeld Posts
Announcing the K8s LAN Party Challenge
Test your investigation skills and K8s network knowledge in a new CTF event: the K8s LAN Party Challenge!
Announcing the EKS Cluster Games
Test your investigation skills and K8s knowledge in a new Wiz-sponsored CTF event: the EKS Cluster Games!
The Big IAM Challenge: Test Your Cloud Security Skills
Put yourself to the test with our unique CTF challenge and boost your AWS IAM knowledge. Do you have what it takes to win The Big IAM Challenge?
The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors
How Wiz Research uncovered multiple related vulnerabilities in PostgreSQL-as-a-Service offerings from GCP, Azure, and others.
Revisiting OMI: Analysis of CVE-2022-29149, a privilege escalation vulnerability in Azure OMI
Affected organizations are required to update installed agents that use the OMI cloud middleware software
The cloud gray zone—secret agents installed by cloud service providers
Wiz Research builds upon previous “OMIGOD” findings with a presentation at RSA Conference 2022; details how cloud middleware use across cloud service providers can expose customers' virtual machines to new attack vectors
Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL
Wiz Research discovers a chain of critical vulnerabilities in the widely used Azure Database for PostgreSQL Flexible Server.
ChaosDB explained: Azure's Cosmos DB vulnerability walkthrough
This is the full story of the Azure ChaosDB Vulnerability that was discovered and disclosed by the Wiz Research Team, where we were able to gain complete unrestricted access to the databases of several thousand Microsoft Azure customers.
How we broke the cloud with two lines of code: the full story of ChaosDB
A summary and recording of Wiz's talk at BlackHat Europe 2021: the full extent of ChaosDB, the impact it had, and the questions it raises about security in managed cloud services.
OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers
Wiz Research recently found 4 critical vulnerabilities in OMI, which is one of Azure's most ubiquitous yet least known software agents and is deployed on a large portion of Linux VMs in Azure.
“Secret” Agent Exposes Azure Customers To Unauthorized Code Execution
Wiz Research recently discovered a series of alarming vulnerabilities that highlight the supply chain risk of open source code, particularly for customers of cloud computing services.
ChaosDB: How we hacked thousands of Azure customers’ databases
As part of building a market-leading CNAPP, Wiz Research is constantly looking for new attack surfaces in the cloud. Two weeks ago we discovered an unprecedented breach that affects Azure’s flagship database service, Cosmos DB.