Our Container Security AMA: You asked, Wiz answered
Check out the top comments and responses from our recent containers AMA.
Avigayil Mechtinger
Avigayil is a threat researcher at Wiz, specializing in detecting and hunting cloud threats. Prior to joining Wiz, she was a security researcher at Intezer, focusing on malware analysis and threat hunting. She has uncovered and documented various threats targeting both Linux and Windows platforms. In addition to her research, Avigayil has authored several beginner-friendly blog series, including Intro to Cloud Forensics, ELF Malware Analysis 101, Linux Rootkits Explained, and Malware Reverse Engineering for Beginners
Avigayil Mechtinger Posts
SeleniumGreed: Threat actors exploit exposed Selenium Grid services for Cryptomining
Wiz researchers discover ongoing threat to popular testing framework.
Pause off my cluster: DERO cryptojacking takes a new shape
Learn how the threat actors behind the 2023 DERO cryptojacking campaign have adapted their techniques to evade detection, and the best practices for mitigation.
Linux rootkits explained – Part 2: Loadable kernel modules
Part 2 dives into the world of LKMs (Loadable Kernel Modules) and kernel-space rootkits to explore what LKMs are, how attackers abuse them, and how to detect them.
I know what you mined last summer: summarizing Summer '23 cryptomining activity
During the summer of 2023, using the Wiz Sensor, Wiz Research detected several different cryptomining campaigns targeting cloud workloads. Learn about these campaigns and their associated IoCs, and how to detect and prevent similar threats.
PyLoose: Python-based fileless malware targets cloud workloads to deliver cryptominer
PyLoose is a newly discovered Python-based fileless malware targeting cloud workloads. Get a breakdown of how the attack unfolds and the steps to mitigate it.
Linux rootkits explained – Part 1: Dynamic linker hijacking
Dynamic linker hijacking via LD_PRELOAD is a Linux rootkit technique utilized by different threat actors in the wild. In part one of this series on Linux rootkits, we discuss this threat and explain how to detect it.
Intro to forensics in the cloud: A container was compromised. What’s next?
Learn what tools and data sources you need to use in cloud forensics investigation and how they come into practice in a real-life example.