https://naorhaziz.com/Security researcher, Rust devotee, and speaker at fwd:cloudsec and Black Hat USA. My work sits at the intersection of cloud workloads and OS internals, with a focus on real-world impact and sturdy code. 2026-02-17T16:12:31+02:00 Naor Haziz https://naorhaziz.com/ Jekyll © 2026 Naor Haziz /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2026-02-17T16:00:00+02:00 2026-02-17T16:00:00+02:00 https://naorhaziz.com/posts/irql-compile-time-irql-safety/ Naor Haziz

It started with a different problem entirely. I was writing a Windows kernel driver in Rust and hit something that bothered me: when Rust’s alloc fails, it panics. In user-mode, that’s a crash. In kernel-mode, a panic is a blue screen. Every Box::new, every Vec::push – any allocation that runs out of memory takes down the entire machine. That’s not acceptable for a driver that might run on mil...

2025-07-21T16:00:00+03:00 2025-08-04T20:25:18+03:00 https://naorhaziz.com/posts/ecscape-iam-privilege-boundaries-in-ecs/ Naor Haziz

This post is Part 2 of our educational series on Amazon ECS security. In Part 1 – Under the Hood of Amazon ECS on EC2, we explored how the ECS agent, IAM roles and the ECS control plane provide credentials to tasks. Here we’ll demonstrate how those mechanisms can lead to a known risk when tasks with different privilege levels share the same EC2 host. This cross-task credential exposure highligh...

2025-07-16T16:00:00+03:00 2025-08-02T12:34:12+03:00 https://naorhaziz.com/posts/under-the-hood-of-amazon-ecs/ Naor Haziz

When running containers on Amazon ECS using EC2 instances, there’s a lot happening under the hood on each host. Understanding these internals is crucial for operating ECS securely. In this first part of our deep‑dive, we’ll explore how ECS on EC2 works – focusing on the ECS agent, the IAM roles and credential delivery mechanism, and where the boundaries (and lack thereof) lie between tasks on t...