Author Page

Aqua Research Team

Team Nautilus focuses on cybersecurity research of the cloud native stack. Its mission is to uncover new vulnerabilities, threats and attacks that target containers, Kubernetes, serverless, and public cloud infrastructure — enabling new methods and tools to address them.
Asaf Eitani
Asaf is a Security Researcher at Aqua Nautilus research team. He focuses on researching Linux malware, developing forensics tools, and analyzing new attack vectors in cloud native environments. In his spare time, he likes painting, playing beach volleyball, and carving wood sculptures.
Nitzan Yaakov
Nitzan is a Security Data Analyst at Team Nautilus, Aqua’s research team. She focuses on analyzing attacks in cloud native environments and researching new techniques used by adversaries. Outside of work, she enjoys baking and experimenting with new dessert recipes as well as doing sports such as Kangoo Jumps and pilates.
Assaf Morag
Assaf is a Lead Data Analyst at Aqua Nautilus research team, he focuses on supporting the data needs of the team, obtaining threat intelligence and helping Aqua and the industry stay at the forefront of new threats and methodologies for protection. His work has been published in leading info security publications and journals across the globe, and most recently he contributed to the new MITRE ATT&CK Container Framework.
Ilay Goldman
lay is a Security Researcher at Aqua. As part of Team Nautilus, he discovers different techniques of supply chain attacks and finds vulnerabilities and attack vectors in cloud native environments. Before Aqua, he worked as a red teamer. In his free time, he enjoys cooking, doing sports and listening to music.
Yakir Kadkoda
Yakir Kadkoda is a Lead Security Researcher at Aqua's research team, Team Nautilus. He combines his expertise in vulnerability research with a focus on discovering and analyzing new security threats and attack vectors in cloud native environments, supply chain security, and CI/CD processes. Prior to joining Aqua, Yakir worked as a red teamer. Yakir has shared his deep cybersecurity insights at major industry events like Black Hat and RSA.
Mor Weinberger
Mor is a Staff Software Engineer at Aqua Security. With vast experience in analyzing cloud native security and supply chain threats. Mor regularly uncovers emerging threats such as unsecured environments and cryptomining campaigns. Mor was part of the Argon Security team acquired by Aqua in 2021. Today, he focuses on developing innovative CNAPP projects
Michael Katchinskiy
Michael is a Security Researcher at Team Nautilus, Aqua's research team. His work focuses on researching and analyzing new attack vectors and threats in cloud native environments. When he isn't at work, he enjoys a good kite-surfing session or making Neapolitan pizza.
Ofek Itach
Ofek is a Security Researcher at Team Nautilus, Aqua's research team. With a focus on big data analytics, Ofek researches various domains in the cloud, including attacks against cloud providers and services. In his spare time, he enjoys listening to podcasts, playing soccer, and collecting watches.
Alon Zivony
Alon Zivony is a Security Researcher on the Aqua Nautilus research team. He focuses on kernel features and vulnerabilities research with the goal of developing forensics tools and finding new attack vectors in the cloud native world. In his free time he is an enthusiastic cook and baker and enjoys traveling with family and friends.
Blog Posts by Aqua Research Team
Bugs Gone Wild: Container (Stack) Clash and CVE-2017-1000253
A Stack Clash is a vulnerability in the memory management of several operating systems, including Linux. It can be exploited by attackers to corrupt memory of a privileged process in order to execute arbitrary code.
Kubernetes Pod Escape Using Log Mounts
Kubernetes has many moving parts, and sometimes combining them in certain ways can create unexpected security flaws. In this post you’ll see how a pod running as root and with a mount point to the node’s /var/log directory can expose the entire contents of its host filesystem to any user who has access to its …
DNS Spoofing on Kubernetes Clusters
In this post I’ll describe how an attacker, who manages to run malicious code on a cluster can, with no special permissive permissions, successfully spoof DNS responses to all the applications running on the cluster, and from there execute a MITM (Man In The Middle) on all network traffic of pods.
Mapping Risks and Threats in Kubernetes to the MITRE ATT&CK Framework
In April, MITRE published the ATT&CK matrix for Containers covering adversarial techniques that target container technologies. At Aqua, we were proud to support this effort by sharing our knowledge and helping refine and extend the matrix. As for the risks in Kubernetes, Microsoft created a framework for Azure-based environments (AKS), but what about vanilla K8s? …
Hunting Rootkits with eBPF: Detecting Linux Syscall Hooking Using Tracee
Today, cloud native platforms are increasingly using eBPF-based security technology. It enables the monitoring and analysis of applications’ runtime behavior by creating safe hooks for tracing internal functions and capturing important data for forensic purposes. Tracee is an open source runtime security and forensics tool for Linux that is powered by eBPF and is more …
Updated Security Advisory: New OpenSSL Vulnerabilities
The OpenSSL project has pre-announced a new and critical severity vulnerability, which was downgraded to High as of today, Nov. 1, 2022. The initial pre-announcement blog has been updated here to reflect additional remediation guidance.
In-depth Analysis of the PyTorch Dependency Confusion Administered Malware
Recently, a dependency of the widely used PyTorch-nightly Python package was targeted in a dependency confusion attack, resulting in thousands of individuals downloading a malicious binary that exfiltrated data through DNS. The individual responsible for this attack claimed to be a security researcher whose research had gone awry. In this blog, we will provide an …
2024 Cybersecurity Trends: AI, Cloud, and Threat Intelligence
As we begin this new year, we see the landscape of cybersecurity poised to witness a surge in AI-driven attacks, propelling the industry into a rapid cycle of innovation. Defenders are on a quest to develop advanced AI-based security measures, not just to detect and respond to threats in real-time, but to predict and thwart …
Mitigating Leaky Vessels Vulnerabilities in runc, BuildKit and Moby with Aqua
On January 31, 2024, researchers revealed the discovery of four severe security vulnerabilities in the container ecosystem. These vulnerabilities, affecting key components including runc, BuildKit, Moby (Docker Engine), and Docker Desktop, pose significant risks to the security and integrity of applications that use containerization applications.  
Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security stops cloud native attacks across the application lifecycle and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. As the pioneer in cloud native security, Aqua helps customers reduce risk while building the future of their businesses. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), protecting the application lifecycle from code to cloud and back. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Settings |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links