Thrilled to share that we'll be presenting our research at Black Hat Vegas Briefings and Arsenal! We'll reveal critical AWS vulnerabilities and showcase our vulnerability hunting tool. More details: blackhat.com/us-24/briefing… blackhat.com/us-24/arsenal/… #BlackHat #BHUSA Black Hat

💧 Secrets leaking from employee *personal* GitHub repos → 66% of the valid secrets Aqua Security found + examples including finding privileged Azure container registry tokens and Red Hat container registry tokens aquasec.com/blog/github-re…

In this KubeFM episode, Yakir Kadkoda and Assaf from Aqua Security explore how a robust Kubernetes secrets strategy is necessary to prevent leaks and maintain a strong security posture kube.fm/exposed-secret… 🌟 Sponsor Isovalent 🎙️ with Bart Farrell

📢 Get ready for an eye-opening session at #CloudNativeCon on June 26th in Seattle! Our very own Yakir Kadkoda, Lead Security Researcher at Aqua, will explore critical threats in the Development Ecosystem. Discover the hidden dangers and learn how to protect your cloud native

🚨 Think your secrets are safe? Think again. Aqua Nautilus' groundbreaking research reveals widespread exposure of enterprise secrets in leading Source Code Management Systems. The combination of poor coding practices and Git-based system behavior has led to long-term secrets

#BHUSA Briefing "Breaching AWS Accounts Through Shadow Resources" will present six critical vulnerabilities found in AWS, along with the stories and methodologies behind them. Register here>> bit.ly/3VFE9j9

In our latest research, We have identified new ways secrets hide in codebases due to blind spots in secret scanning tools and design choices of Git and SCMs. We uncovered many findings, including Mozilla's infra tokens, Fortune 500 tokens, and more - aquasec.com/blog/undetecte…

Excited to announce our talk at DEF CON: "Breaching AWS Accounts Through Shadow Resources". We'll reveal new AWS vulnerabilities and attack vectors. Stay tuned! #DEFCON32 #DEFCON Michael Ofek itach

אמ;לק: Yakir Kadkoda, Ilay Goldman מ Aqua Security עשו מחקר מרתק על סיקרטים שלא ניתנים לאיתור ע״י הסורקים הנפוצים כיום. הצוות גילה קרדנשילס לסביבות ענן, תשתיות פנימיות, פלטפורמות טלמטריות, רשתות, מצלמות ועוד, חשופים לעולם. מחקתם את הסיקרט? חושבים שזה מספיק? אולי כדאי לכם לצלול >>

📚 tl;dr sec 244 ☁️ Cloud Security Slides Nick Frichette, Seth Art, Jenko Hwong ✍️ Threat Modeling 💼 Security Program Templates Robert A. 🧑‍💼 Security Training Tips Phil Venables 🦈 TrailShark Yakir Kadkoda, Ofek itach tldrsec.com/p/tldr-sec-244

🦈 TrailShark: Understanding AWS API and Service Interactions A plugin that connects Wireshark with AWS CloudTrail, offering near-real-time analysis of AWS API calls → Capture and examine the internal API calls triggered by AWS services → Used by Aqua Security's Ofek itach &