@thisis0xczar and I have discovered #CosMiss, a vulnerability in #MicrosoftAzure Cosmos DB where authentication checks were missing from Jupyter Notebooks (https://t.co/Gs9VX2h1a5)
Keep reading for the highlights about this new #vulnerability🧵⬇️ (1/6)
🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability
It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it 🤷♂️
Read Here - https://t.co/c969sNjQH0
Why were the hostages hidden in a market, as Hamas continues to risk their own people and use them as human shields?
Israel is dealing with an almost impossible combat zone.
#HamasisISIS
I hacked Microsoft's AI bot for healthcare on a Friday night
Within hours I could access data of multiple healthcare organizations, but it didn't stop there
Microsoft fixed the issue, and then I did it again, and again, and again..
Here's the story of Lethal Injection: 💉
First clear footage from the Al Ahli tragedy in Gaza, but what do you notice?
This is a surface explosion, almost no soil is thrown up, so it's not an air bomb.
Looks like a failed Hamas rocket that landed there, what a tragedy has Hamas brought to the people of Gaza!
This is an Israeli hostage in Gaza.
Notice the sandbags. Printed on them: "The people of Japan" and "For free distribution for Palestinian refugees"
I wonder if Japan knows their sandbags are being used by terrorists and not refugees.
#HamasisISIS #hamas #Israel
#Israel_under_attack
#Palestine
#Gaza
#Gaza_under_attack
credit to: @imshin
Hamas, an Islamic fundamentalist terrorist organization has kidnapped elderly women, mothers with their babies. Hamas are as brutal as ISIS.
Please share! These babies are kidnapped and held in Gaza in horrendous conditions.
#gaza #Israel_under_attack #israel
An advisory for the Remote Code Execution vulnerability I have discovered on Rockwell PanelView Plus devices was just published.
https://t.co/RXjkwHs55Y
https://t.co/zotMMo1SbZ
Stay tuned!
Microsoft has posted a blog saying it has found the likely explanation (though it deleted via log rotation the logs that would have proved this😬) for loss of its token signing key in the MS cloud breach earlier this year:
Bloody crash dumps:
https://t.co/vHp55eA7HR
Security researcher @RoeeSagi found that over 37% of #Azure accounts have at least one overly permissive guest user 🔑 Learn about how a compromised Azure Active Directory Guest user leads to #sensitivedata leakage: https://t.co/qBZSO03Zji
Presenting my research at @defcon was incredible!
The repo for my tool #NoFilter is:
https://t.co/dx2PzQEATB
Slides available here:
https://t.co/q9AXD8ARn1
The research will be published as a blog post soon
#DEFCON #DEFCON31
🚨 We found a new Vulnerability in GCP CloudSQL 🚨
I am honored to disclose a new vulnerability that I found with @Nu11p01Nt in GCP CloudSQL that could have been used to escalate privileges from a basic user to a full-fledged sysadmin on the container.
https://t.co/W8xuiJ05U8
Lidor Ben Shitrit & Roee Sagi are here to give us a great glimpse into performing security research on Azure services and the process behind the scenes of triaging such vulnerabilities and mitigating them.
Recently I discovered a one-click RCE vulnerability in #Azure that affects Function apps, App services, and Logic apps.
The vulnerability enables attackers to fully take over the targeted victim's application and managed identity token.
This is the story of #EmojiDeploy ._. 🧵