Aqua Blog

Roi Kol

Roi is a Security Researcher at Aqua. His work focuses on researching threats in the cloud native world. When not at work, Roi is a B.A. student in Computer Science at the Open University. He also enjoys going out into nature and spending time with family and friends.
Detecting eBPF Malware with Tracee

eBPF is a popular and powerful technology embedded in the Linux kernel. Many security tools use it to monitor kernel activity in order to detect threats and protect organizations. eBPF, however, can be a double-edged sword, as threat actors can also use it as part of their malicious arsenal. Lately, we …

Deep Analysis of TeamTNT Techniques Using Container Images to Attack

This blog was co-authored with Assaf Morag, Lead Security Analyst at Aqua Security

Ever notice how news about hidden malware almost always focuses on remediation AFTER the fact? So did we. Even now, there’s yet another news story about a rash of attacks by a group called TeamTNT. They used a crypto-mining worm to …

Threat Alert: Exploiting Open Docker Daemons for DDoS Attacks

Aqua’s research team continuously investigates and analyzes the anatomy of new attacks in the wild. Recently, we identified attacks that exploited misconfigured open Docker daemons, where attackers were actively using this attack vector to hijack environments in order to launch targeted DDoS attacks. Each of the …
