Black Hat Europe 2021

Join us at Black Hat Europe and attend our sessions to learn never-before-released details about ChaosDB and our call-to-action for a cloud vulnerability database.

Black hat business hall

Meet us us at booth 212

Drop by booth 212 to meet the Wiz team and enter for your chance to win one of five Nintendo Switches.

Booth schedule

Wednesday, November 10
10:00am - 6:00pm Booth open
3:00pm Happy Hour

Thursday, November 11
10:00am - 4:00pm Booth open
10:00am Coffee Station

Wiz sessions at Black Hat

ChaosDB: How We Hacked Databases of Thousands of Azure Customers

Sagi Tzadik  |  Security Researcher, Wiz
Nir Ohfeld  |  Security Researcher, Wiz


Wednesday, November 10 | 11:20am-12:00pm ( Room BC, ICC Capital Suite 12, Level 3 )

Thursday, November 11 | 1:30pm-2:10pm ( Virtual )

Format: 40-Minute Briefings‍

Tracks:  Cloud & Platform Security

In August 2021, the Wiz Research Team uncovered ChaosDB - a critical cross-tenant vulnerability in Azure Cosmos DB, Azure's flagship managed database solution which is used by countless organizations. This vulnerability is every company’s worst nightmare: even a flawless environment is affected. Easily exploitable, this bug allowed any Azure user to have full admin access to thousands of customers' databases, including Fortune 500 companies, without any procedural authorization.

This is an unprecedented cloud vulnerability, considered to be one of the most severe issues ever disclosed in any major cloud platform. This vulnerability triggered many questions regarding the security of managed cloud services. Since this vulnerability allowed stealing long-lasting secrets of the target database, attackers may use these secrets at their convenience, and the only solution is to rotate their secrets and hope they have not been used before.

In this talk, we will take the attacker's point of view and discuss how we exploited a chain of misconfigurations and vulnerabilities in Azure Cosmos DB. From identifying the attack surface through leveraging a complex chain of vulnerabilities that enabled this exploitation, we will uncover obscure mechanisms in Azure's internal infrastructure that we managed to leverage to gain the ability to arbitrarily query data from customers' Cosmos DB instances.

Finally, we will dive deep into the vulnerability's root cause and describe the potential attack vectors and the best practices learned for building more secure cloud services.

Security Industry Call-to-Action: We Need a Cloud Vulnerability Database

Shir Tamari |  Head of Research, Wiz
Alon Schindel  |  Director of Data and Threat Research, Wiz


Thursday, November 11 | 11:20am-12:00pm ( Room D, ICC Capital Suite, Level 3 )

Format: 40-Minute Briefings
Tracks:  Cloud & Platform Security,  Policy

The shared responsibility model is broken. Companies are unable to keep up with cloud complexity, while vendors and cloud providers do not provide clear identification, tracking or severity for vulnerabilities discovered in their platforms. Moreover there is an inherent lack of transparency, as cloud providers do not share full details of exposure, impact, or mitigation steps for vulnerabilities discovered in their platform.

Join the Wiz Research Team who uncovered several unprecedented cloud vulnerabilities in AWS, GCP and Azure in their journey and conclusions from the disclosure process. We will review key learnings and insights from OMIGOD, ChaosDB and AWS IAM cross-account vulnerabilities we uncovered.

In this session we will make the case for extending the current CVE model to be more cloud friendly as the current model is broken and call everyone to join the movement for change.