
Rich Warren
@buffaloverflow
Red Team & Offensive Security Research @AmberWolfSec // @buffaloverflow.rw.md on bsky
Had an awesome time at RedTreat. Thanks to the @OutflankNL and @MDSecLabs crew for organising, and all the speakers and attendees for the cool talks and discussions! 🏝️👏
#RedTreat2025 is a wrap @StanHacked @MarcOverIP - thanks to all the speakers and the panel team for an extra awesome con this year 🫶

Playing the long game
Visiting NCC Group’s blogs right now feels like a CTF challenge: decipher the mangled text while dodging XSS pop-ups. Better to use web archive to see the original content but they have even changed the URLs! Example: nccgroup.com/research-blog/… The fox-it.com etc are…

What comes after the patch? Bypass of course! 😜 Delinea Protocol Handler RCE - Return of the MSI. By my colleague @johnnyspandex blog.amberwolf.com/blog/2025/augu…
Normalization strikes again 🎯 Delinea Secret Server Protocol Handler RCE: blog.amberwolf.com/blog/2024/dece… By @johnnyspandex
👀

Someone brought it to my attention that Zscaler is using their 500,000,000,000 daily customer logs to train Artificial Intelligence. ... does this not seem like a problem ... ?

Bug bounty platforms can often be misused as NDA as a service. As a general rule, I avoid reporting via bbp for this very reason
If you missed the talk, we uploaded the video here: vimeo.com/1109180896 (Vimeo: DEF CON 33 - Zero Trust, Total Bust: Breaking into Thousands of...)
Breaking Into Your Network? Zer0 Effort. - DEF CON 33 Overview and Advisory - Zscaler SAML Authentication Bypass (CVE-2025-54982). Following on from our DEF CON 33 presentation, the first two blog posts in our series on Zero Trust Network access abuse are now live.

Just published the writeup for the "Netskope cross-tenant authentication bypass" featured in our #defcon33 talk #ZeroTrustTotalBust. Find the full details here 👇 blog.amberwolf.com/blog/2025/augu… We also cover another method to leak those not-so-secret OrgKeys 😉

Netskope have released NSKPSA-2025-002 / CVE-2025-0309 for one of the privilege escalation vulnerabilities discussed during our #ZeroTrustTotalBust DEFCON talk. Full writeup and PoC to follow on the @AmberWolfSec blog 😉 netskope.com/company/securi…
There's a thread on LinkedIn where ZTNA sales folk are using our research to shill their own product - just to be pointed to writeups of the same vulns affecting their own product. It's very entertaining to watch.
A special shoutout to the many 🇪🇺European cyber researchers presenting their work at #DEFCON, you were awesome. 🇳🇱@_dirkjan @John_Fokker 🇮🇹@Van1sh_BSidesIT 🇫🇷@christophetd @fr0gger_ @kalimer0x00 🇧🇪@RedByte1337 🇨🇿@marektoth 🇬🇧@_mattmuir @johnnyspandex @buffaloverflow +many others

CVE-2025-3831 Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties. cve.org/CVERecord?id=C…
You can read about our overall research project at blog.amberwolf.com/blog/2025/augu… and learn about a SAML Authentication bypass in Zscaler (CVE-2025-54982) at blog.amberwolf.com/blog/2025/augu…

Maybe some info at #defcon33 on Saturday, Track 3, 15:30 "Zero Trust, Total Bust - Breaking into thousands of cloud-based VPNs with one bug"

not much info about it but: 🟥 CVE-2025-54982, CVSS: 9.6 (#Critical) Zscaler SAML Authentication A critical vulnerability due to improper verification of cryptographic signatures in Zscaler's SAML authentication mechanism, allowing authentication abuse. #CyberSecurity #CVE…