I am Nitesh, working as a Senior Threat Researcher with Trend Micro. I focus on software supply chain attacks, cloud vulnerabilities, threats, misconfigurations and the jazz that comes along. Recently, I've been in the top 10 Microsoft Security Researchers for 2024, primarily for my submissions affecting 10+ Azure services via Trend Micro Zero Day Initiative. My work has been presented in conferences such as Black Hat USA, Black Hat Asia, Blue Hat USA, FIRSTCON, HackInTheBox, HackInParis, Virus Bulletin, Nullcon, c0c0n, Vulncon, Security BSides [Delhi, Bangalore, Ahmedabad], NDC Oslo and OWASP/Null Bangalore meetups.
I love curl, grep and xargs. Apart from playing with packets and syscalls, I love attending concerts and writing/playing music.
Links: Hacking Archives of India, LinkedIn, X, Mastodon, Bluesky, YouTube,
ID, Severity, Vulnerability
ZDI-24-1329 | 8.8 | Axis Communications Autodesk Plugin AxisAddin axisapphelpfiles Remote Code Execution Vulnerability |
ZDI-24-1328 | 8.8 | Axis Communications Autodesk Plugin AzureBlobRestAPI axiscontentfiles Remote Code Execution Vulnerability |
ZDI-24-1181 | 7.6 | Axis Communications Autodesk Plugin Exposure of Sensitive Information Authentication Bypass Vulnerability |
ZDI-24-1177 | 9.8 | Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-1176 | 9.8 | Amazon AWS aws-glue-with-s2s-vpn Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-1097 | 9.9 | (0Day) Microsoft GitHub Dev-Containers Improper Privilege Management Privilege Escalation Vulnerability |
ZDI-24-1075 | 9.8 | Microsoft PowerShell Reference for Office Products officedocs-cdn Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-1074 | 9.8 | Microsoft PowerShell Gallery psg-prod-centralus Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-1073 | 9.8 | Microsoft Azure uAMQP azure-iot-sdks-ci Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-1072 | 9.8 | Microsoft CameraTraps cameratracrsppftkje Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-1071 | 9.8 | Microsoft Azure GPT ALE palantirdemoacr Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-1070 | 9.8 | Microsoft Partner Resources openhacks Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-1069 | 9.8 | Microsoft Technical Case Studies athena-dashboard Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-1068 | 5.3 | Microsoft Azure ML.NET Samples mlnetfilestorage Uncontrolled Search Path Element Vulnerability |
ZDI-24-1067 | 9.4 | Microsoft Azure CollectSFData docs-analytics-eus Uncontrolled Search Path Element Impersonation Vulnerability |
ZDI-24-1066 | 9.8 | Microsoft Azure DataStoriesSamples machinelearningdatasets Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-1065 | 9.8 | Microsoft Azure Availability Monitor for Kafka esnewdeveastdockerregistry Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-1064 | 9.8 | Microsoft AirSim airsimci Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-1063 | 9.8 | Microsoft Reactor Workshops reactorworkshops Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-1062 | 9.8 | Microsoft Fluid Framework prague Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-1061 | 9.8 | Microsoft What The Hack docsmsftpdfs Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-1060 | 9.8 | Microsoft Azure Aztack aztack1528763526 Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-1059 | 9.8 | Microsoft Azure Linux Automation konkaciwestus1 Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-1058 | 9.8 | Microsoft Azure NodeJS LogPoint logpointsassets Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-23-1588 | 8.8 | Microsoft Azure US Accelarators Synapse SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability |
ZDI-23-1528 | 10.0 | Microsoft PC Manager SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability |
ZDI-23-1527 | 10.0 | Microsoft PC Manager SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability |
ZDI-23-1056 | 4.4 | (0Day) Microsoft Azure Machine Learning Compute Instance certificate Exposure of Resource to Wrong Sphere Information Disclosure Vulnerability |
ZDI-23-1044 | 9.9 | (0Day) Microsoft GitHub Dev-Containers Improper Privilege Management Privilege Escalation Vulnerability |
ZDI-24-998 | 8.2 | KernelCI SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability |
ZDI-24-993 | 7.5 | Microsoft Azure myapiendpoint.developer.azure-api Improper Access Control Information Disclosure Vulnerability |
ZDI-24-992 | 9.8 | Microsoft Azure VSTS CLI vstscli Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-991 | 9.8 | Microsoft Azure Arc Jumpstart Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-989 | 9.8 | Microsoft Azure Container Network Management sbidprod Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-988 | 9.8 | Microsoft Azure MQTT azure-iot-sdks-ci Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-987 | 9.8 | Microsoft Object Detection Solution Accelerator csaddevamlacr Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-986 | 9.8 | Microsoft Azure IoT Edge Dev Tool iotedgetoolscontainerregistry Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-985 | 9.8 | Microsoft Azure Service Fabric servicefabricsdkstorage Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-983 | 9.8 | Microsoft Azure Go Labs microsoftgoproxy Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-982 | 5.3 | Microsoft Azure SQL Workshop azuremlsampleexperiments Uncontrolled Search Path Element Vulnerability |
ZDI-24-981 | 9.8 | Microsoft Azure Machine Learning Notebooks azuremlpackages Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-980 | 9.8 | Microsoft Azure Machine Learning Forecasting Toolkit azuremlftkrelease Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-581 | 10.0 | Microsoft Azure SQL Managed Instance Documentation SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability |
ZDI-24-580 | 9.8 | Microsoft Artifact Registry Container Images Empty Password Authentication Bypass Vulnerability |
ZDI-24-400 | 9.8 | Microsoft uAMQP for Python azure-iot-sdks-ci Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-396 | 9.8 | Microsoft Azure ODSP nikisos Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-24-369 | 5.3 | Google cAdvisor REST API Improper Access Control Information Disclosure Vulnerability |
ZDI-24-208 | 9.8 | Microsoft Azure MCR VSTS CLI vstscli Uncontrolled Search Path Element Remote Code Execution Vulnerability |
ZDI-23-880 | 5.5 | Microsoft Azure Machine Learning Service DSIMountAgent Missing Authentication Information Disclosure Vulnerability |
ZDI-23-380 | 6.5 | Microsoft Azure Machine Learning Service DSIMountAgent Missing Authentication Information Disclosure Vulnerability |
ZDI-23-161 | 6.5 | Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability |
ZDI-23-097 | 6.8 | Microsoft Azure Machine Learning Service JWT Cleartext Storage of Credentials Information Disclosure Vulnerability |
ZDI-23-096 | 6.5 | Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability |
ZDI-23-095 | 6.5 | Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability |