• Gavin Holt
• 09 Aug, 2025
• • Vulnerability
  • NachoVPN
  • ZTNA
  • DEFCON

Breaking Into Your Network? Zer0 Effort. - DEF CON 33 Overview

Uncovering critical flaws in ZTNA solutions, allowing attackers to escalate privileges on end user devices and to completely bypass authentication, …

Read Article

• Richard Warren
• 04 Aug, 2025
• • Vulnerability
  • NachoVPN
  • GlobalProtect
  • Palo Alto

NachoVPN: Now With More VPN (And SYSTEM Shells) - Part 2 - Palo Alto GlobalProtect

Thought CVE-2024-5921 was fixed? Nacho problem! NachoVPN brings downgrade attacks to GlobalProtect.

Read Article

• Richard Warren
• 29 Jul, 2025
• • Vulnerability
  • NachoVPN
  • Ivanti

NachoVPN: Now With More VPN (And SYSTEM Shells) - Part 1 - Ivanti Connect Secure

What’s better than logon scripts? SYSTEM shells. NachoVPN now abuses Ivanti remediation logic to load rogue DLLs over SMB and hijack Wow64 …

Read Article

• David Cash
• Richard Warren
• 26 Nov, 2024
• • Vulnerability Disclosure
  • Palo Alto
  • NachoVPN
  • GlobalProtect
  • VPN

Palo Alto GlobalProtect - RCE and Privilege Escalation via Malicious VPN Server (CVE-2024-5921)

Palo Alto GlobalProtect - RCE and Privilege Escalation via Malicious VPN Server (CVE-2024-5921)

Read Article