Tal Skverer
Astrix Security

Tal Skverer is the Research Team Lead at Astrix Security, where he challenges cloud platforms' defenses and mitigations. At his previous job (Argus), he hacked vehicle computers on a daily basis, and is also known for being one of the researchers that broke PokemonGo's anti-cheating system in 2016. Tal holds an M.Sc. in Computer Science from the Weizmann Institute and has a decade of experience in reverse engineering, malware analysis, embedded security, web hacking, cryptography and pentesting. Biannually, Tal teaches workshops on assembly language, reverse engineering and blackbox research.

How attackers exploit non-human identities: Workshop recap

Tal Skverer | March 11, 2024 | Blog

In the workshop we demonstrated a full attack path exploiting non-human identities, starting with initial access to AWS through an exposed secret in a public GitHub repo. We then continued to privilege escalation through a service account, gained access to source code, and managed to steal customer details and perform ... Read More

Astrix Security

Entro service account Machine Learning to Address Evolving Threats

The Service Accounts Conundrum: What They Are and How to Secure Them

Tal Skverer | February 12, 2024 | Cloud Security, identity, Machine Identity, non-human identity, service account

The definition of a 'service account' is vague, their use is unstructured and that makes securing them incredibly challenging ... Read More

Security Boulevard

OAuth attack against Microsoft by Midnight Blizzard

Tal Skverer | January 28, 2024 | Blog

Midnight Blizzard, the Russian state-sponsored actors, were abusing OAuth applications as part of their attack against Microsoft’s corporate environment. Learn about the attack flow and get the recommended remediation steps. The post OAuth attack against Microsoft by Midnight Blizzard appeared first on Astrix Security ... Read More

Astrix Security

Part 1: Non-human identity security – The complete technical guide

Tal Skverer | January 9, 2024 | Resources

“Identity is the new perimeter.” This catch phrase is present in almost every website of identity security vendors, and for a good reason. Human access, more commonly referred to as user access, is an established security program in most organizations – big or small. The realization that user identities and ... Read More

Astrix Security

How attackers exploit non-human identities: Workshop recap

The Service Accounts Conundrum: What They Are and How to Secure Them

OAuth attack against Microsoft by Midnight Blizzard

Part 1: Non-human identity security – The complete technical guide

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On