View by category

Data Security Threat Research Varonis Products DSPM AI Security Cloud Security Ransomware Active Directory Privacy & Compliance

Tal Peleg

Tal Peleg is a senior security researcher at Varonis. Also known as TLP, Tal is a full-stack hacker with experience in malware analysis, Windows domains, web servers, and cloud. His research is currently focused on cloud applications and APIs.

Latest articles

Varonis Threat Labs Discovers SQLi and Access Flaws in Zendesk

Tal Peleg

Nov 15, 2022

Varonis Threat Labs found a SQL injection vulnerability and a logical access flaw in Zendesk Explore, the reporting and analytics service in the popular customer service solution, Zendesk.

Spoofing SaaS Vanity URLs for Social Engineering Attacks

Tal Peleg

May 11, 2022

SaaS vanity URLs can be spoofed and used for phishing campaigns and other attacks. In this article, we’ll showcase two Box link types, two Zoom link types, and two Google Docs link type that we were able to spoof.

Mixed Messages: Busting Box’s MFA Methods

Tal Peleg

Jan 18, 2022

Varonis Threat Labs discovered a way to bypass multi-factor authentication (MFA) for Box accounts that use an SMS code for login verification.

Bypassing Box's Time-based One-Time Password MFA

Tal Peleg

Dec 02, 2021

The Varonis research team discovered a way to bypass Box's Time-based One-Time Password MFA for Box accounts that use authenticator applications.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Get started View sample