Chen Shiri is a cyber security researcher, hacker, known for his research on low-level security and containers isolation, working with leading security firms, government organizations and Fortune 500 companies.

His research has revealed significant flaws within widely-used services and prominent vendors.  He published research with early examples of weaknesses in container-based web apps and products like Google Colab and Cloud Shell in addition to the chain attack in AWS Kubernetes services.

Security Researcher, Expert – Accenture 2020 – Current (2024)
Maglan- Cyber Warfare and IT Security Research Labs

Connect with me @BlackD0C on

Media

Chen Shiri has conducted hundreds of speaking engagements both in-person and remotely at major companies, events, and organizations. He is also a recognized authority on cybersecurity, frequent commentator addressing emerging issues in the field through various media platforms.
News paper article about a patent Invention

An interview with a leading news paper article about a development of a patent for visually impaired people

Presenting at Hackeriot Cyber Summit

Volunteer lecturer at “Hackeriot Summit”

A conference to promote woman in cyber

Escaping docker containers presentation on kfar saba

I was honored to present about attacking cloud container orchestrations

lecturing to Israeli air force (idf)​

I had the honor of sharing my knowledge about advanced microservices to the Israeli Air Force (IDF)

Research & Publications

Hacking Azure Key Vault- Exploring Authentication Problem

Research- Medium

Summary: The article focuses on intricacies of managed identity authentication in Azure Key Vault and it’s critical security issue. I describe exploitation of the issue in environments where this feature is used, could allow attackers inside a container to get  the secrets of all containers on the node. It examines the problem of secret management in relation to application security and evaluates Azure Key Vault’s solution. With practical implementation insights and an in-depth analysis of the attack vector, the research uncovers how it impact cloud environments and how to execute the attack.

AWS Elastic Kubernetes Service (EKS) Chain Attack

Research- Medium

Summary: In this research article, I present a new attack methodology targeting Elastic Kubernetes Service (EKS) on AWS. By uncovering two zero-day vulnerabilities, I demonstrate how attackers can exploit the weaknesses in EKS’s pod isolation mechanism. This research highlights the critical security risks and implications, including unauthorized access to customer data, non-compliance with regulations, and potential financial and reputational damage. The article provides detailed insights into the attack techniques and offers recommendations for mitigating these vulnerabilities to safeguard EKS environments.

Vulnerability in Google Colab: Access to Host VMs via Container Escapes

Research- Medium

Summary: The research explores a vulnerability discovered in Google Colab, a popular online platform for coding and data analysis. The vulnerability involves access to host virtual machines (VMs) through container escapes. The author highlights the significance of this vulnerability by demonstrating how an attacker with access to a Colab notebook could exploit it to gain unauthorized access to the underlying infrastructure, potentially compromising sensitive data or launching malicious activities. The article offers a detailed analysis of the vulnerability, including the underlying mechanisms and consequences, emphasizing the importance of addressing such security flaws to ensure the continued safety and integrity of cloud-based platforms.

Taking over “Google Cloud Shell” by utilizing capabilities and Kubelet

Research- Medium, Bytebuzz

Summary: Research conducted by Chen Shiri reveals critical vulnerabilities in Google Cloud Shell, a free interactive shell used for running projects and testing online. The study identified an attack vector that could expose secrets and container data, including tokens, and allow malicious actors to read and modify data stored and accessible from other containers and services. Shiri successfully broke out of the container and gained read/write access to Google’s infrastructure, accessing all containers on the node, including critical files and instance information, and gaining root access to the node. The vulnerabilities exposed in the study could potentially compromise the authorization, credentials, tokens, images, and container registry of Google’s shell mechanism, and provide access to different shell sessions, instance information, and configuration and data for the containers running on the node.