Yuval Moravchick is the Application Security Research Team Leader at Cato Networks. With over 10 years of technical experience in the cybersecurity industry, Yuval has built and led security teams at various organizations. He specializes in penetration testing, security research, and the development of offensive security tools. Before joining Cato Networks, Yuval held roles at Wix.com and ControlUp, where he led an application security research team, detected 0-day bugs, and managed the SSDLC activities. Prior to joining Wix.com and ControlUp, Yuval honed his expertise at BugSec, where he managed a team of skilled penetration testers, conducted red team simulations, and developed malware. Yuval holds a B.Sc. in Industrial & Management Engineering and has several industry certifications, including Offensive Security Certified Professional (OSCP) and Offensive Security Web Expert (OSWE).
 

Presentations

23x

Weaponizing Streamlit: Cloud Account Takeover Through File Upload Exploitation

File upload vulnerabilities in cloud-native apps are often underestimated, but a flaw in Streamlit’s st.file_uploader enabled attackers to bypass client-side checks, upload arbitrary files, and seize control of misconfigured cloud instances. This talk walks through the full exploit chain—from bypassing file filtering to gaining persistent access and manipulating live data pipelines—revealing how simple oversights can lead to market-scale risk and why trusting frontend logic is a dangerous mistake.
