Publications
Personal Blogposts
Rhythms of Research - things I've written on the subject of research methodology and the creation process of finished intelligence products.
- Outlines
- Achieving Research Fluency
- Narrative in Research
- Querying in Research
- Tabular Thinking
- Information Management
- Informational Strata
- Bravery in Research
- Arrangements
- What I look for in blogposts
- Thrunting Grounds
- Intelligence Failure in Threat Detection
- The Other Pyramids
- Resource Gathering
- The Indirect Realism of Threat Research
Work Blogposts
See more on my Wiz blog author page.
- Unmasking Phishing: Strategies for identifying 0ktapus domains and beyond (with Shahar Dorfman)
- Tracking cloud-fluent threat actors - Part one: Atomic cloud IOCs (with Merav Bar)
- Eight questions to measure vulnerability remediation "pain"
- Storm-0558 Update: Takeaways from Microsoft's recent report
- How to leverage generative AI in cloud apps without putting user data at risk (with Barak Sharoni)
- Redirection Roulette: Thousands of hijacked websites in East Asia redirecting visitors to other sites (with Barak Sharoni)
- Hardening your cloud environment against LAPSUS$-like threat actors
- Securing AWS Lambda function URLs
Papers & Reports
- PEACH: a tenant isolation framework for cloud applications (Whitepaper, Website, Blogpost)
- The State of the Cloud 2023 (with Scott Piper) (Report)
- State of AI in the Cloud 2024 (Report, Blogpost)
- State of AI in the Cloud 2025 (Report, Blogpost)
- State of AI in the Cloud 2026 (Report, Blogpost)
Talks
- "We built a community cloud vulnerability database, now what?" @ fwd:cloudsec (with Alon Schindel) (Recording, Slides)
- "The Good, the Bad, and the Vulnerable: A comprehensive overview of vulnerabilities in cloud environments" @ fwd:cloudsec (with Merav Bar) (Recording)
- "The Forensic Trail On GitHub: Hunting For Supply Chain Activity" @ Black Hat Europe (with Rami McCarthy) (Slides, Dark Reading coverage)
Podcast Recordings
Co-hosting Crying out Cloud with Eden Naftali.
- Wiz sees big impact of AI on runtime security, but also stresses old threats (Techzine TV Podcast)
- Key findings about Storm-0558 (SANS Threat Analysis Rundown with Katie Nickels)
- Isolation is just PEACHy (The OWASP Podcast Series)
- Threat Trends: Addressing Risk in the Cloud with Wiz (Mandiant's Defender’s Advantage Podcast)
- Interview by Dave Bittner (CyberWire Daily)
Diagrams
- How do open-source supply chain attacks happen, and when should I worry?
- Storm-0558 email exfiltration
- Storm-0558 signing key capture
- Midnight Blizzard Exchange Online Exfiltration Campaign
- 3CX breach
- JumpCloud breach
- Oktapus / ScatterSwine activity overview (featured in Krebs on Security)
- CircleCI breach
- LastPass breach
- Fast Company breach
- Heroku / Travis CI / GitHub / npm breach
- TraderTraitor Bybit / SafeWallet breach
- Polyfill / Funnull campaign
- Vulnerability assessment using CPE
- AWS IAM
- Spring4Shell (CVE-2022-22965)
- OpenSSL vulnerabilities (CVE-2022-3786, CVE-2022-3602)
- OpenSSH vulnerability (CVE-2023-38408)