research,

• 08 Sep 2025 - GitHub Actions: A Cloudy Day for Security - Part 2
• 25 Aug 2025 - GitHub Actions: A Cloudy Day for Security - Part 1
• 07 Nov 2022 - Taking over Azure Devops Accounts and Microsoft Pipelines

azure

• 13 Sep 2024 - Escalating from Reader to Contributor in Azure API Management
• 10 Nov 2023 - Accessing Azure Kubernetes Service as Guest and Cross-Tenant
• 13 Jun 2023 - Exploiting the Azure Management API for App Services
• 07 Nov 2022 - Taking over Azure Devops Accounts and Microsoft Pipelines

bug_bounty,

• 20 Aug 2025 - Azure's Weakest Link - Full Cross-Tenant Compromise
• 30 May 2025 - Finding SSRFs in Azure DevOps - Part 2
• 10 Mar 2025 - Azure’s Weakest Link? How API Connections Spill Secrets
• 17 Jan 2025 - Finding SSRFs in Azure DevOps
• 20 Nov 2024 - Azure CLI Token Leak
• 05 Nov 2024 - Escalating from Reader to Contributor in Azure API Management pt II
• 13 Sep 2024 - Escalating from Reader to Contributor in Azure API Management
• 10 Nov 2023 - Accessing Azure Kubernetes Service as Guest and Cross-Tenant
• 13 Jun 2023 - Exploiting the Azure Management API for App Services
• 13 Apr 2023 - Why you shouldn't include secrets in Docker images, a Google Cloud case study

google

• 13 Apr 2023 - Why you shouldn't include secrets in Docker images, a Google Cloud case study

microsoft,

• 20 Aug 2025 - Azure's Weakest Link - Full Cross-Tenant Compromise
• 30 May 2025 - Finding SSRFs in Azure DevOps - Part 2
• 10 Mar 2025 - Azure’s Weakest Link? How API Connections Spill Secrets
• 17 Jan 2025 - Finding SSRFs in Azure DevOps
• 20 Nov 2024 - Azure CLI Token Leak
• 05 Nov 2024 - Escalating from Reader to Contributor in Azure API Management pt II
• 13 Sep 2024 - Escalating from Reader to Contributor in Azure API Management
• 10 Nov 2023 - Accessing Azure Kubernetes Service as Guest and Cross-Tenant
• 13 Jun 2023 - Exploiting the Azure Management API for App Services

azure,

• 20 Aug 2025 - Azure's Weakest Link - Full Cross-Tenant Compromise
• 30 May 2025 - Finding SSRFs in Azure DevOps - Part 2
• 10 Mar 2025 - Azure’s Weakest Link? How API Connections Spill Secrets
• 17 Jan 2025 - Finding SSRFs in Azure DevOps
• 20 Nov 2024 - Azure CLI Token Leak
• 05 Nov 2024 - Escalating from Reader to Contributor in Azure API Management pt II

APIM

• 05 Nov 2024 - Escalating from Reader to Contributor in Azure API Management pt II

ACR

• 20 Nov 2024 - Azure CLI Token Leak

devops

• 30 May 2025 - Finding SSRFs in Azure DevOps - Part 2
• 17 Jan 2025 - Finding SSRFs in Azure DevOps

.NET,

• 31 Jan 2025 - CRLF injection via TryAddWithoutValidation in .NET

vulnerabilities

• 31 Jan 2025 - CRLF injection via TryAddWithoutValidation in .NET

API

• 20 Aug 2025 - Azure's Weakest Link - Full Cross-Tenant Compromise
• 10 Mar 2025 - Azure’s Weakest Link? How API Connections Spill Secrets

Connection

• 10 Mar 2025 - Azure’s Weakest Link? How API Connections Spill Secrets

Connections

• 20 Aug 2025 - Azure's Weakest Link - Full Cross-Tenant Compromise

GitHub

• 08 Sep 2025 - GitHub Actions: A Cloudy Day for Security - Part 2
• 25 Aug 2025 - GitHub Actions: A Cloudy Day for Security - Part 1

Actions,

• 08 Sep 2025 - GitHub Actions: A Cloudy Day for Security - Part 2
• 25 Aug 2025 - GitHub Actions: A Cloudy Day for Security - Part 1

OIDC,

• 08 Sep 2025 - GitHub Actions: A Cloudy Day for Security - Part 2
• 25 Aug 2025 - GitHub Actions: A Cloudy Day for Security - Part 1

Azure

• 08 Sep 2025 - GitHub Actions: A Cloudy Day for Security - Part 2
• 25 Aug 2025 - GitHub Actions: A Cloudy Day for Security - Part 1