Bio

Nitesh Surana is a Senior Threat Researcher with Trend Micro where he specializes in cloud vulnerability & security research. He has been in the top 100 MSRC Most Valuable Security Researchers in 2023 for his submissions to Microsoft via the Zero Day Initiative. He has presented across conferences such as Black Hat USA, HackInTheBox, HackInParis, Nullcon, c0c0n, Security BSides, NDC Oslo and OWASP/Null Bangalore meetups. Apart from playing with packets and syscalls, Nitesh is found attending concerts and writing/playing music.

Socials: Trend Micro, LinkedIn, Twitter, Mastodon, YouTube

Portfolio

Vulnerability Research

ZDI-24-400 (9.8) Microsoft uAMQP for Python azure-iot-sdks-ci Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-396 (9.8) Microsoft Azure ODSP nikisos Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-24-369 (5.3) Google cAdvisor REST API Improper Access Control Information Disclosure Vulnerability
ZDI-24-208 (9.8) Microsoft Azure MCR VSTS CLI vstscli Uncontrolled Search Path Element Remote Code Execution Vulnerability
ZDI-23-1588 (8.8) Microsoft Azure US Accelarators Synapse SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
ZDI-23-1528 (10.0) Microsoft PC Manager SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
ZDI-23-1527 (10.0) Microsoft PC Manager SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
ZDI-23-1056 (4.4) (0Day) Microsoft Azure Machine Learning Compute Instance certificate Exposure of Resource to Wrong Sphere Information Disclosure Vulnerability
ZDI-23-1044 (9.9) (0Day) Microsoft GitHub Dev-Containers Improper Privilege Management Privilege Escalation Vulnerability
ZDI-23-880 (5.5) Microsoft Azure Machine Learning Service DSIMountAgent Missing Authentication Information Disclosure Vulnerability
ZDI-23-380 (6.5) Microsoft Azure Machine Learning Service DSIMountAgent Missing Authentication Information Disclosure Vulnerability
ZDI-23-161 (6.5) Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability
ZDI-23-097 (6.8) Microsoft Azure Machine Learning Service JWT Cleartext Storage of Credentials Information Disclosure Vulnerability
ZDI-23-096 (6.5) Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability
ZDI-23-095 (6.5) Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability

Blogs on Attack Simulation, Honeypots, Threat Hunting

2023-08-30 - Uncovering Silent Threats in Azure Machine Learning Service - Part 2
2023-08-17 - Uncovering Silent Threats in Azure Machine Learning Service - Part 1
2023-05-23 - Info Stealer Abusing Codespaces Puts Discord Users at Risk
2023-05-19 - Rust-Based Info Stealers Abuse GitHub Codespaces
2023-01-16 - Abusing a GitHub Codespaces Feature For Malware Delivery
2022-10-26 - Threat Actors Target AWS EC2 Workloads to Steal Credentials
2022-09-12 - Security Breaks: TeamTNT’s DockerHub Credentials Leak
2022-09-08 - How Malicious Actors Abuse Native Linux Tools in Attacks
2022-04-08 - CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware
2022-02-11 - Detecting PwnKit (CVE-2021-4034) Using Trend Micro™ Vision One™ and Cloud One™
2022-01-27 - How to detect Apache Log4j vulnerabilities
2021-12-21 - How to detect Apache HTTP Server Exploitation
2021-12-03 - Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify
2021-12-01 - Analyzing How TeamTNT Used Compromised Docker Hub Accounts
2021-11-09 - Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT
2021-08-12 - Detecting PrintNightmare Exploitation Attempts using Cloud One and Vision One
2021-07-22 - Safeguarding against cryptomining attacks
2021-04-21 - Could the Microsoft Exchange breach be stopped?

Public Mentions

Talks

2023 - Nullcon Goa - Uncovering Azure'S Silent Threats: A Journey Into Cloud Vulnerabilities
2023 - HackInTheBox Phuket - Breaking ML Services: Finding 0-days In Azure Machine Learning
2023 - Black Hat USA - Uncovering Azure'S Silent Threats: A Journey Into Cloud Vulnerabilities
2023 - NDC Oslo - Abusing GitHub for fun & profit: Actions and Codespaces Security

Misc

2020-11-20 - First Router Bug (or a feature?). You decide :)
2020-09-20 - Winja CTF x Nullcon x c0c0n 2020
2020-06-24 - Popping LFI on Android Apps with over 21M+ Downloads
2020-02-05 - Bug hunter finds cryptocurrency-mining botnet on DOD network
2020-01-31 - DC3 VDP on X: "Happy Friday hackers! Nitesh @ideaengine007 found a critical RCE vulnerability in Jenkins...
2020-01-01 - Public instance of Jenkins on https://██████████/ with /script enabled
2020-01-18 - Null & OWASP Bangalore: A Primer on Metasploit
2019-12-21 - Null & OWASP Bangalore: A Primer on OSINT

This page is heavily inspired from James Kettle