Nitesh Surana

Sr. Cloud Threat Researcher | Top 100 MSRC Researchers 2023, 2024

About

Nitesh Surana is a Senior Cloud Threat Researcher at Trend Micro with over five years of experience in cybersecurity. He began his career as a SOC analyst in 2019 before transitioning into threat research, where he now focuses on cloud and cloud-native environments, software supply chain attacks, vulnerabilities, threats, and security misconfigurations.

Through coordinated disclosure of vulnerable designs impacting more than 10 Azure services, Nitesh has been recognized among the Top 10 Microsoft Security Researchers in 2024 while working with the Trend Zero Day Initiative. His research on Azure and Microsoft services, as well as investigations into cloud threat actor credential leaks, has been presented at conferences including Black Hat USA and Asia, Blue Hat USA, FIRSTCON, HackInTheBox, HackInParis, Virus Bulletin, Nullcon, Vulncon and c0c0n.

Outside of keyboards, he enjoys metal music and spending time in the Himalayas.

Links

Hacking Archives of India · LinkedIn · X · Mastodon · Bluesky · YouTube

Blogs

Date	Blog
2025-10-08	A Cascade of Insecure Architectures: Axis Plugin Design Flaw Expose Select Autodesk Revit Users to Supply Chain Risk
2025-04-15	ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains
2024-10-16	Fake LockBit, Real Damage: Ransomware Samples Abuse Amazon S3 to Steal Data
2024-07-25	The Mirage of AI Programming: Hallucinations and Code Integrity
2024-07-11	Leaky Labels: Bypassing Traefik Proxy Leveraging cAdvisor Metrics
2024-05-02	Observability Exposed: Exploring Risks in Cloud-Native Metrics
2024-04-22	You Can't See Me: Achieving Stealthy Persistence in Azure Machine Learning
2023-08-30	Uncovering Silent Threats in Azure Machine Learning Service - Part 2
2023-08-17	Uncovering Silent Threats in Azure Machine Learning Service - Part 1
2023-05-23	Info Stealer Abusing Codespaces Puts Discord Users at Risk
2023-05-19	Rust-Based Info Stealers Abuse GitHub Codespaces
2023-01-16	Abusing a GitHub Codespaces Feature For Malware Delivery
2022-10-26	Threat Actors Target AWS EC2 Workloads to Steal Credentials
2022-09-12	Security Breaks: TeamTNT’s DockerHub Credentials Leak
2022-09-08	How Malicious Actors Abuse Native Linux Tools in Attacks
2022-04-08	CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability
2022-02-11	Detecting PwnKit (CVE-2021-4034) Using Trend Micro Vision One and Cloud One
2022-01-27	How to detect Apache Log4j vulnerabilities
2021-12-21	How to detect Apache HTTP Server Exploitation
2021-12-03	Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify
2021-12-01	Analyzing How TeamTNT Used Compromised Docker Hub Accounts
2021-11-09	Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT
2021-08-12	Detecting PrintNightmare Exploitation Attempts using Cloud One and Vision One
2021-07-22	Safeguarding against cryptomining attacks
2021-04-21	Could the Microsoft Exchange breach be stopped?

Talks

Year	Conference	Talk
2025	fwd:cloudsec EU	The Cloud is a Spider Web: But with Broken Threads
2024	BSides Ahmedabad	Tokens & Takeovers: Cloud-Powered Supply Chain Attacks
2024	Virus Bulletin, Ireland	From code to crime: exploring threats in GitHub Codespaces — Jaromir Horejsi & Nitesh Surana
2024	Microsoft BlueHat, USA	Tokens & Takeovers: Cloud-Powered Supply Chain Attacks
2024	Black Hat Asia, Singapore	Breaking Managed Identity Barriers In Azure Services
2024	FIRSTCON Japan	From Code to Crime: Exploring Threats in GitHub Codespaces
2023	BSides Ahmedabad	Uncovering Azure's Silent Threats: A Journey into Cloud Vulnerabilities
2023	c0c0n XVI, Kochi	Uncovering Azure's Silent Threats: A Story of Cloud Vulnerabilities
2023	Nullcon, Goa	Uncovering Azure's Silent Threats: A Journey Into Cloud Vulnerabilities
2023	HackInTheBox, Phuket	Breaking ML Services: Finding 0-days In Azure Machine Learning
2023	Black Hat USA, Virtual	Uncovering Azure's Silent Threats: A Journey Into Cloud Vulnerabilities
2023	NDC, Oslo	Abusing GitHub for fun & profit: Actions and Codespaces Security

ZDI Disclosures

Vulnerabilities identified and reported to vendors in the latest version of their affected product(s).

Advisory	Severity	Vulnerability
ZDI-25-1057	7.8	(0Day) Microsoft Visual Studio VsDevCmd Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-25-858	8.8	Axis Communications Autodesk Plugin AzureBlobRestAPI axiscontentfiles Remote Code Execution Vulnerability
ZDI-25-844	4.7	Microsoft Windows Subsystem for Linux WslCoreVm::Initialize Incorrect Privilege Management Information Disclosure Vulnerability
ZDI-25-422	3.7	Microsoft Azure Machine Learning Environments Denial-of-Service Vulnerability
ZDI-25-421	5.3	Microsoft Azure App Services Information Disclosure Vulnerability
ZDI-25-359	7.8	Microsoft Visual Studio initializeCommand Insufficient UI Warning Remote Code Execution Vulnerability
ZDI-25-206	9.8	Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-25-205	9.8	Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-1329	8.8	Axis Communications Autodesk Plugin AxisAddin axisapphelpfiles Remote Code Execution Vulnerability
ZDI-24-1328	8.8	Axis Communications Autodesk Plugin AzureBlobRestAPI axiscontentfiles Remote Code Execution Vulnerability
ZDI-24-1181	7.6	Axis Communications Autodesk Plugin Exposure of Sensitive Information Authentication Bypass Vulnerability
ZDI-24-1177	9.8	Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-1176	9.8	Amazon AWS aws-glue-with-s2s-vpn Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-1097	9.9	(0Day) Microsoft GitHub Dev-Containers Improper Privilege Management Privilege Escalation Vulnerability
ZDI-24-1075	9.8	Microsoft PowerShell Reference for Office Products officedocs-cdn Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-1074	9.8	Microsoft PowerShell Gallery psg-prod-centralus Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-1073	9.8	Microsoft Azure uAMQP azure-iot-sdks-ci Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-1072	9.8	Microsoft CameraTraps cameratracrsppftkje Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-1071	9.8	Microsoft Azure GPT ALE palantirdemoacr Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-1070	9.8	Microsoft Partner Resources openhacks Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-1069	9.8	Microsoft Technical Case Studies athena-dashboard Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-1068	5.3	Microsoft Azure ML.NET Samples mlnetfilestorage Uncontrolled Search Path Element Vulnerability
ZDI-24-1067	9.4	Microsoft Azure CollectSFData docs-analytics-eus Uncontrolled Search Path Element Impersonation Vulnerability
ZDI-24-1066	9.8	Microsoft Azure DataStoriesSamples machinelearningdatasets Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-1065	9.8	Microsoft Azure Availability Monitor for Kafka esnewdeveastdockerregistry Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-1064	9.8	Microsoft AirSim airsimci Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-1063	9.8	Microsoft Reactor Workshops reactorworkshops Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-1062	9.8	Microsoft Fluid Framework prague Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-1061	9.8	Microsoft What The Hack docsmsftpdfs Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-1060	9.8	Microsoft Azure Aztack aztack1528763526 Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-1059	9.8	Microsoft Azure Linux Automation konkaciwestus1 Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-1058	9.8	Microsoft Azure NodeJS LogPoint logpointsassets Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-23-1588	8.8	Microsoft Azure US Accelarators Synapse SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
ZDI-23-1528	10.0	Microsoft PC Manager SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
ZDI-23-1527	10.0	Microsoft PC Manager SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
ZDI-23-1056	4.4	(0Day) Microsoft Azure Machine Learning Compute Instance certificate Exposure of Resource to Wrong Sphere Information Disclosure Vulnerability
ZDI-23-1044	9.9	(0Day) Microsoft GitHub Dev-Containers Improper Privilege Management Privilege Escalation Vulnerability
ZDI-24-998	8.2	KernelCI SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
ZDI-24-993	7.5	Microsoft Azure myapiendpoint.developer.azure-api Improper Access Control Information Disclosure Vulnerability
ZDI-24-992	9.8	Microsoft Azure VSTS CLI vstscli Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-991	9.8	Microsoft Azure Arc Jumpstart Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-989	9.8	Microsoft Azure Container Network Management sbidprod Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-988	9.8	Microsoft Azure MQTT azure-iot-sdks-ci Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-987	9.8	Microsoft Object Detection Solution Accelerator csaddevamlacr Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-986	9.8	Microsoft Azure IoT Edge Dev Tool iotedgetoolscontainerregistry Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-985	9.8	Microsoft Azure Service Fabric servicefabricsdkstorage Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-983	9.8	Microsoft Azure Go Labs microsoftgoproxy Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-982	5.3	Microsoft Azure SQL Workshop azuremlsampleexperiments Uncontrolled Search Path Element Vulnerability
ZDI-24-981	9.8	Microsoft Azure Machine Learning Notebooks azuremlpackages Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-980	9.8	Microsoft Azure Machine Learning Forecasting Toolkit azuremlftkrelease Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-581	10.0	Microsoft Azure SQL Managed Instance Documentation SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
ZDI-24-580	9.8	Microsoft Artifact Registry Container Images Empty Password Authentication Bypass Vulnerability
ZDI-24-400	9.8	Microsoft uAMQP for Python azure-iot-sdks-ci Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-396	9.8	Microsoft Azure ODSP nikisos Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-369	5.3	Google cAdvisor REST API Improper Access Control Information Disclosure Vulnerability
ZDI-24-208	9.8	Microsoft Azure MCR VSTS CLI vstscli Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-23-880	5.5	Microsoft Azure Machine Learning Service DSIMountAgent Missing Authentication Information Disclosure Vulnerability
ZDI-23-380	6.5	Microsoft Azure Machine Learning Service DSIMountAgent Missing Authentication Information Disclosure Vulnerability
ZDI-23-161	6.5	Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability
ZDI-23-097	6.8	Microsoft Azure Machine Learning Service JWT Cleartext Storage of Credentials Information Disclosure Vulnerability
ZDI-23-096	6.5	Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability
ZDI-23-095	6.5	Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability

Misc

2024-10-22 - Announcing the BlueHat 2024 Sessions | MSRC Blog
2024-08-06 - MSRC: Congratulations to each of our MSRC 2024 Most Valuable Researchers!
2024-07-24 - MSRC: Congratulations to the Top MSRC 2024 Q2 Security Researchers!
2024-04-17 - MSRC: Congratulations to the Top MSRC 2024 Q1 Security Researchers!
2023-08-18 - InformationWeek: 4 of the Biggest Vulnerabilities Talked About During Black Hat 2023
2023-08-10 - TechTarget: Trend Micro discloses 'silent threat' flaws in Azure ML
2023-02-14 - ZDI: The February 2023 Security Update Overview
2023-01-17 - CSOOnline: How attackers might use GitHub Codespaces to hide malware delivery
2022-09-14 - Dark Reading: TeamTNT Hits Docker Containers via 150K Malicious Cloud Image Pulls
2020-02-05 - Bug hunter finds cryptocurrency-mining botnet on DOD network
2020-01-31 - DC3 VDP on X: Jenkins RCE mention
2020-11-20 - First Router Bug (or a feature?)
2020-09-20 - Winja CTF x Nullcon x c0c0n 2020
2020-06-24 - Popping LFI on Android Apps with over 21M+ Downloads
2020-01-18 - Null & OWASP Bangalore: A Primer on Metasploit
2019-12-21 - Null & OWASP Bangalore: A Primer on OSINT