• Richard Warren
• David Cash
• 29 Aug, 2025
• • Vulnerability
  • ZTNA
  • DEFCON
  • Netskope

Advisory - Netskope Client for Windows - Local Privilege Escalation via Rogue Server (CVE-2025-0309)

Never Trust, Always Verify - except when you have to trust the server isn’t malicious .. and install this CA certificate and MSI while …

Read Article

• Richard Warren
• David Cash
• 15 Aug, 2025
• • Vulnerability
  • ZTNA
  • DEFCON
  • Netskope

Advisory - Netskope Cross-tenant Authentication Bypass

Advisory - Netskope Cross-tenant Authentication Bypass

Read Article

• Richard Warren
• David Cash
• 09 Aug, 2025
• • Vulnerability
  • Zscaler
  • ZTNA
  • DEFCON

Advisory - Zscaler SAML Authentication Bypass (CVE-2025-54982)

Advisory - Zscaler SAML Authentication Bypass (CVE-2025-549820)

Read Article

• Gavin Holt
• 09 Aug, 2025
• • Vulnerability
  • NachoVPN
  • ZTNA
  • DEFCON

Breaking Into Your Network? Zer0 Effort. - DEF CON 33 Overview

Uncovering critical flaws in ZTNA solutions, allowing attackers to escalate privileges on end user devices and to completely bypass authentication, …

Read Article

• Richard Warren
• 04 Aug, 2025
• • Vulnerability
  • NachoVPN
  • GlobalProtect
  • Palo Alto

NachoVPN: Now With More VPN (And SYSTEM Shells) - Part 2 - Palo Alto GlobalProtect

Thought CVE-2024-5921 was fixed? Nacho problem! NachoVPN brings downgrade attacks to GlobalProtect.

Read Article

• Richard Warren
• 29 Jul, 2025
• • Vulnerability
  • NachoVPN
  • Ivanti

NachoVPN: Now With More VPN (And SYSTEM Shells) - Part 1 - Ivanti Connect Secure

What’s better than logon scripts? SYSTEM shells. NachoVPN now abuses Ivanti remediation logic to load rogue DLLs over SMB and hijack Wow64 …

Read Article

• Iain Smart
• 17 Jan, 2025
• • Vulnerability
  • Kubernetes

Reproducing CVE-2024-9042: Command Injection in Windows Kubernetes Nodes

Recreating a vulnerability in log streaming via the Kubelet on Windows nodes

Read Article