Author Page

Aqua Research Team

Team Nautilus focuses on cybersecurity research of the cloud native stack. Its mission is to uncover new vulnerabilities, threats and attacks that target containers, Kubernetes, serverless, and public cloud infrastructure — enabling new methods and tools to address them.
Asaf Eitani
Asaf is a Security Researcher at Aqua Nautilus research team. He focuses on researching Linux malware, developing forensics tools, and analyzing new attack vectors in cloud native environments. In his spare time, he likes painting, playing beach volleyball, and carving wood sculptures.
Nitzan Yaakov
Nitzan is a Security Data Analyst at Team Nautilus, Aqua’s research team. She focuses on analyzing attacks in cloud native environments and researching new techniques used by adversaries. Outside of work, she enjoys baking and experimenting with new dessert recipes as well as doing sports such as Kangoo Jumps and pilates.
Assaf Morag
Assaf is a Lead Data Analyst at Aqua Nautilus research team, he focuses on supporting the data needs of the team, obtaining threat intelligence and helping Aqua and the industry stay at the forefront of new threats and methodologies for protection. His work has been published in leading info security publications and journals across the globe, and most recently he contributed to the new MITRE ATT&CK Container Framework.
Ilay Goldman
lay is a Security Researcher at Aqua. As part of Team Nautilus, he discovers different techniques of supply chain attacks and finds vulnerabilities and attack vectors in cloud native environments. Before Aqua, he worked as a red teamer. In his free time, he enjoys cooking, doing sports and listening to music.
Yakir Kadkoda
Yakir Kadkoda is a Lead Security Researcher at Aqua's research team, Team Nautilus. He combines his expertise in vulnerability research with a focus on discovering and analyzing new security threats and attack vectors in cloud native environments, supply chain security, and CI/CD processes. Prior to joining Aqua, Yakir worked as a red teamer. Yakir has shared his deep cybersecurity insights at major industry events like Black Hat and RSA.
Mor Weinberger
Mor is a Staff Software Engineer at Aqua Security. With vast experience in analyzing cloud native security and supply chain threats. Mor regularly uncovers emerging threats such as unsecured environments and cryptomining campaigns. Mor was part of the Argon Security team acquired by Aqua in 2021. Today, he focuses on developing innovative CNAPP projects
Michael Katchinskiy
Michael is a Security Researcher at Team Nautilus, Aqua's research team. His work focuses on researching and analyzing new attack vectors and threats in cloud native environments. When he isn't at work, he enjoys a good kite-surfing session or making Neapolitan pizza.
Ofek Itach
Ofek is a Security Researcher at Team Nautilus, Aqua's research team. With a focus on big data analytics, Ofek researches various domains in the cloud, including attacks against cloud providers and services. In his spare time, he enjoys listening to podcasts, playing soccer, and collecting watches.
Alon Zivony
Alon Zivony is a Security Researcher on the Aqua Nautilus research team. He focuses on kernel features and vulnerabilities research with the goal of developing forensics tools and finding new attack vectors in the cloud native world. In his free time he is an enthusiastic cook and baker and enjoys traveling with family and friends.
Blog Posts by Aqua Research Team
Bugs Gone Wild: Container (Stack) Clash and CVE-2017-1000253
A Stack Clash is a vulnerability in the memory management of several operating systems, including Linux. It can be exploited by attackers to corrupt memory of a privileged process in order to execute arbitrary code.
Mapping Risks and Threats in Kubernetes to the MITRE ATT&CK Framework
In April, MITRE published the ATT&CK matrix for Containers covering adversarial techniques that target container technologies. At Aqua, we were proud to support this effort by sharing our knowledge and helping refine and extend the matrix. As for the risks in Kubernetes, Microsoft created a framework for Azure-based environments (AKS), but what about vanilla K8s? …
Updated Security Advisory: New OpenSSL Vulnerabilities
The OpenSSL project has pre-announced a new and critical severity vulnerability, which was downgraded to High as of today, Nov. 1, 2022. The initial pre-announcement blog has been updated here to reflect additional remediation guidance.
In-depth Analysis of the PyTorch Dependency Confusion Administered Malware
Recently, a dependency of the widely used PyTorch-nightly Python package was targeted in a dependency confusion attack, resulting in thousands of individuals downloading a malicious binary that exfiltrated data through DNS. The individual responsible for this attack claimed to be a security researcher whose research had gone awry. In this blog, we will provide an …
2024 Cybersecurity Trends: AI, Cloud, and Threat Intelligence
As we begin this new year, we see the landscape of cybersecurity poised to witness a surge in AI-driven attacks, propelling the industry into a rapid cycle of innovation. Defenders are on a quest to develop advanced AI-based security measures, not just to detect and respond to threats in real-time, but to predict and thwart …
Mitigating Leaky Vessels Vulnerabilities in runc, BuildKit and Moby with Aqua
On January 31, 2024, researchers revealed the discovery of four severe security vulnerabilities in the container ecosystem. These vulnerabilities, affecting key components including runc, BuildKit, Moby (Docker Engine), and Docker Desktop, pose significant risks to the security and integrity of applications that use containerization applications.  
Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world’s largest enterprises.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Settings |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links