Gal Nagli

Founder & CEO
Shockwave

Gal Nagli is the Founder & CEO of shockwave.cloud, the Next-Gen Attack Surface Management Platform. He is one of the world's leading Bug Bounty hunters and one of the few who have earned more than $1,000,000 in bounties. He has identified critical security vulnerabilities within thousands of companies and major F500 organizations, while winning Live Hacking Event competitions around the world.

A few blogs I've written:

Shockwave Attack Surface Management - CVE-2024-23897 Jenkins - Arbitrary file read vulnerability through the CLI
January 16, 2024

Jenkins has disclosed CVE-2024-23897, which allows unauthenticated malicious actors to read local files from the system and potentially achieve Remote Code Execution.

Shockwave Attack Surface Management - CVE-2023-7028 0 Click Account Takeover affecting GitLab.
January 16, 2024

CVE-2023-7028 is a Critical CVE affecting GitLab instances that allows malicious actors to reset the password of an arbitrary existing user with a single HTTP request and gain full access to the instance.

Shockwave Attack Surface Management - CVE-2023-35078 Authentication Bypass affecting Ivanti MobileIron
January 16, 2024

CVE-2023-35078 is a Critical CVE in Ivanti's MobileIron product that allows malicious actors to dump all PII, devices and users on the MobileIron system with a single request.

Shockwave Identifies Web Cache Deception and Account Takeover Vulnerability affecting OpenAI's ChatGPT
January 16, 2024

Discover the story of our founder who uncovered the world's first documented Web Vulnerability that impacted OpenAI's ChatGPT, and collaborated with the team to swiftly remediate it within hours.

Email Security Gone Wrong - How does email security strategy of organizations leaks sensitive information to the public?
January 16, 2024

Learn from our research presentation how active email security detection tools expose sensitive information about your company without any interaction, and what you can do about it!

Subdomain Takeover: How a Misconfigured DNS Record Could Lead to a Huge Supply Chain Attack
January 16, 2024

This blog post discusses the discovery by Shockwave's team of a vulnerability that allowed malicious actors to claim the assets.npmjs.com subdomain, with which they could likely have constructed a significant supply chain attack.

Privilege Escalation via Mass Assignment: Practical Example hacking one of the World's Largest Consulting Firm
January 16, 2024

Shockwave's Security Research team identified and responsibly reported a Mass Assignment vulnerability that allowed us to escalate privileges from a normal membership level to that of an administrator account, giving us full access to the organization's systems.

Wordpress Plugin Update Confusion
January 16, 2024

Read how Shockwave's security team helped scale up ground-breaking research involving a novel supply chain attack on WordPress websites.
