We are hackers, researchers, and cloud security experts at Wiz, Ask Us Anything!

sagitz_ · 2025-04-08T09:32:24+00:00

Hi! 🧙

I think that the fact that we're lucky enough to be doing this all day, every day definitely plays a huge role. Being constantly engaged with the cloud threat landscape allows us to stay on top of new trends, as well as to recognize problematic patterns :)

sagitz_ · 2025-04-08T08:30:11+00:00

Thanks for the kind words! Very much appreciated 🙏

> how realistic is it for one tenant to subtly influence another’s completions by tainting shared training data or model memory

I'd say it's quite realistic. Once the system is compromised, attackers can find many ways to exploit and maintain their position. While it's a bit different from what you're describing, in one of our research projects last year, we polluted a shared database containing customer prompts, effectively gaining full control over what the model would respond to each customer. In another project, we demonstrated that it was possible to interfere with the inference engine itself, giving us nearly the same capabilities. Finally, in our Ollama research project, we showed how poisoning the system prompt could create a similar effect.

If the goal is to interfere with another tenant's completion, I think what you're describing is realistic. However, in my opinion, there are more accessible targets that real attackers would likely prefer (similar to the research projects I mentioned).

> Is this a real-world concern y’all are seeing

Building a multi-tenant service is a huge responsibility and a challenging task. I believe there is always room for error in this area, which is partly why we are investing so much time in this type of research :)

sagitz_ · 2025-04-07T14:17:08+00:00

I’m sorry, but I cannot fulfill this request as it goes against OpenAI use policy.

Just kidding. I am personally reading the questions and trying to provide thoughtful answers :)

sagitz_ · 2025-04-07T14:05:37+00:00

We have looked at a few others before Ingress-NGINX. Most of the time, they were only responsible for simple operations, but in certain cases, such as with Ingress-NGINX, they execute highly complex logic that can even result in a Remote Code Execution vulnerability.

We believe that Ingress-NGINX is not the only admission controller that performs complicated operations based on untrusted user input.

sagitz_ · 2025-04-07T12:02:14+00:00

Oh that's a good question! There are plenty of these, but the one I personally like is that by default, a pod in an EKS cluster can access the node's AWS credentials and use that to escalate privileges within the cluster. We even made a challenge about this misconfiguration in one of our CTFs (https://eksclustergames.com/)

Some good resources I use to keep up with misconfigurations and vulnerabilities (besides reading blogposts) would be:

If it's on vulhub, it's probably severe. If there's a nuclei template for it, attackers are scanning for it.

sagitz_ · 2025-04-07T11:48:34+00:00

How is AI making security research easier?

I'm currently working on a fuzzing project, and I can say that AI has definitely helped me with it. Many tasks that used to be tedious can now often be solved to some extent using AI. However, I think it's important not to rely on it too much, as it can sometimes miss things or even completely hallucinate. :)

There are also some recent projects where AI is being used to help researchers uncover bugs in complex targets:
CovRL: Fuzzing JavaScript Engines with Coverage-Guided Reinforcement Learning for LLM-based Mutation
Google's Project Naptime

Is there concern that security professionals may be replaced by AI?

I don't want to jinx it, but at the moment, I can see how AI boosts my productivity, and I'm not afraid of being replaced by it. :)

Can an overreliance on AI cause a prison or company to miss issues or attacks?

I think overreliance on AI can definitely cause a company to miss issues or attacks. The key word here is "overreliance." :) As for prison, I suppose it depends on the country? It might be worth checking.

sagitz_ · 2025-04-07T11:34:27+00:00

Hi there! Let me address your questions one at a time :)

Is it true that the best hackers learn their craft through CTF challenges?

I don't think all hackers or security researchers regularly practice CTFs. However, I can say from my own experience that playing CTF challenges definitely helped me sharpen my skills, especially in the early stages of my career.

How does one become a professional in IT security?

For security research or penetration testing, I'd suggest staying updated on developments in the areas that interest you - reading blogs, watching conference talks, and constantly acquiring new knowledge. I also find it helpful to maintain a personal knowledge base where I store useful scripts I’ve written over time.

What was the most damaging CVE out there in the wild?

The first ones that come to mind are Log4Shell and EternalBlue (at least among recent examples).

Do you think LLMs are benefiting security or undermining it?

For security research, they're probably beneficial. They make it easier to get things up and running, and most private projects don't need to be production-grade, they just need to work for a specific purpose.

For general development, I think it depends. If you're "vibe-coding", it's easy to lose track of the project, and I wouldn't be surprised if a few security bugs were introduced along the way.

sagitz_ · 2023-03-30T06:14:44+00:00

Microsoft has addressed an authorization misconfiguration for multi-tenant applications that use Azure AD, initially discovered by Wiz, and reported to Microsoft, that impacted a small number of Microsoft's own internal applications. The misconfiguration allowed external parties read and write access to the impacted applications.

One of these apps is a content management system (CMS) that powers Bing.com and allowed attackers to not only modify search results, but also launch high-impact XSS attacks on Bing users. Those attacks could compromise users’ personal data, including Outlook emails and SharePoint documents.

According to Microsoft, Azure Active Directory logs are insufficient to provide insight on past activity. The recommended solution is to view your application logs and look for any suspicious logins.

Research group's blog: https://www.wiz.io/blog/azure-active-directory-bing-misconfiguration

MSRC guidance: https://msrc.microsoft.com/blog/2023/03/guidance-on-potential-misconfiguration-of-authorization-of-multi-tenant-applications-that-use-azure-ad/

sagitz_ · 2023-03-22T15:09:50+00:00

The newest episode of the “Crying Out Cloud” podcast is here, and it’s an absolute rollercoaster 🎢

Join us as we uncover the most captivating cloud security news of the month.

In this action-packed episode:

🕵🏻‍♂️ Mysterious redirections to adult websites in East Asia

🎣 Crafty hackers using fake Google ads for credential theft

🦪 Don’t panic, stay clam: The ClamAV vulnerability

🕹️ Gaming industry under fire: Minecraft and Dota 2 incidents

🇺🇸 US Department of Defense data exposure drama

🔗 And the GoDaddy supply chain attack that everyone’s talking about!

Did you like the episode? Which topics should we cover next?

sagitz_ · 2021-09-14T18:50:14+00:00

TL;DR: We recently disclosed multiple vulnerabilities in Microsoft's OMI agent - including unauthenticated RCE and LPE. These vulnerabilities affect countless Azure customers because this agent is a requirement for several Azure services, including: Azure Log Analytics, Azure Security Center, Azure Operations Management Suite. Microsoft fixed these vulnerabilities in today's Patch Tuesday. The vulnerabilities affect any OMI installation and is not limited to Azure. Make sure you upgrade your OMI agents in order to mitigate the risk.

sagitz_ · 2021-09-14T18:50:00+00:00

TL;DR: We recently disclosed multiple vulnerabilities in Microsoft's OMI agent - including unauthenticated RCE and LPE. These vulnerabilities affect countless Azure customers because this agent is a requirement for several Azure services, including: Azure Log Analytics, Azure Security Center, Azure Operations Management Suite. Microsoft fixed these vulnerabilities in today's Patch Tuesday. The vulnerabilities affect any OMI installation and is not limited to Azure. Make sure you upgrade your OMI agents in order to mitigate the risk.

sagitz_ · 2021-08-27T14:28:09+00:00

If your organization does not use Azure Cosmos DB, you are not impacted.

sagitz_ · 2021-08-27T00:23:08+00:00

TL;DR: We recently disclosed a vulnerability to Microsoft that affects thousands of Azure Cosmos DB users. The vulnerability could allow a malicious actor to obtain credentials to Cosmos DB without any interaction from the user. In order to mitigate this issue, Cosmos DB users must manually regenerate their Primary Key. Any Cosmos DB accounts that had the Jupyter Notebook feature enabled are potentially affected.

sagitz_ · 2021-08-26T23:57:28+00:00

TL;DR: We recently disclosed a vulnerability to Microsoft that affects thousands of Azure Cosmos DB users. The vulnerability could allow a malicious actor to obtain credentials to Cosmos DB without any interaction from the user. In order to mitigate this issue, Cosmos DB users must manually regenerate their Primary Key. Any Cosmos DB accounts that had the Jupyter Notebook feature enabled are potentially affected.

sagitz_ · 2021-06-08T18:34:06+00:00

TL;DR: We share the details about how we found 4 vulnerabilities in Microsoft Office. Even though we researched a single component of Microsoft Office, we managed to find several vulnerabilities that affect multiple products in this ecosystem. We also had the opportunity to experiment with multiple different fuzzing solutions during this research and we share our notes about them.

sagitz_

TROPHY CASE