Zero Trust is not a product it is an approach - at the @NCSC we have just released demystifying zero trust which addresses common misconceptions, and provides practical advice on when and how it should be adopted. ncsc.gov.uk/collection/zer…
Had an awesome time at RedTreat. Thanks to the @OutflankNL and @MDSecLabs crew for organising, and all the speakers and attendees for the cool talks and discussions! 🏝️👏
#RedTreat2025 is a wrap @StanHacked @MarcOverIP - thanks to all the speakers and the panel team for an extra awesome con this year 🫶
Playing the long game
Visiting NCC Group’s blogs right now feels like a CTF challenge: decipher the mangled text while dodging XSS pop-ups. Better to use web archive to see the original content but they have even changed the URLs! Example: nccgroup.com/research-blog/… The fox-it.com etc are…
What comes after the patch? Bypass of course! 😜 Delinea Protocol Handler RCE - Return of the MSI. By my colleague @johnnyspandex blog.amberwolf.com/blog/2025/augu…
Normalization strikes again 🎯 Delinea Secret Server Protocol Handler RCE: blog.amberwolf.com/blog/2024/dece… By @johnnyspandex
👀
Someone brought it to my attention that Zscaler is using their 500,000,000,000 daily customer logs to train Artificial Intelligence. ... does this not seem like a problem ... ?
Bug bounty platforms can often be misused as NDA as a service. As a general rule, I avoid reporting via bbp for this very reason
why would i report free bugs to bugcrowd vdp just for vendors to say “never disclose”? that disclosure policy is not it. better to go security@ with project zero deadlines, 90 days, then i share it with the community.
If you missed the talk, we uploaded the video here: vimeo.com/1109180896
DEF CON 33 - Zero Trust, Total Bust: Breaking into Thousands of...
Breaking Into Your Network? Zer0 Effort. - DEF CON 33 Overview and Advisory - Zscaler SAML Authentication Bypass (CVE-2025-54982). Following on from our DEF CON 33 presentation, the first two blog posts in our series on Zero Trust Network access abuse are now live.
Just published the writeup for the "Netskope cross-tenant authentication bypass" featured in our #defcon33 talk #ZeroTrustTotalBust Find the full details here 👇 blog.amberwolf.com/blog/2025/augu… ^We also cover another method to leak those not-so-secret OrgKeys 😉
Netskope have released NSKPSA-2025-002 / CVE-2025-0309 for one of the privilege escalation vulnerabilities discussed during our #ZeroTrustTotalBust DEFCON talk Full writeup and PoC to follow on the @AmberWolfSec blog😉 netskope.com/company/securi…
There's a thread on LinkedIn where ZTNA sales folk are using our research to shill their own product - just to be pointed to writeups of the same vulns affecting their own product. It's very entertaining to watch.
A special shoutout to the many 🇪🇺European cyber researchers presenting their work at #DEFCON, you were awesome. 🇳🇱@_dirkjan @John_Fokker 🇮🇹@Van1sh_BSidesIT 🇫🇷@christophetd @fr0gger_ @kalimer0x00 🇧🇪@RedByte1337 🇨🇿@marektoth 🇬🇧@_mattmuir @johnnyspandex @buffaloverflow +many others
CVE-2025-3831 Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties. cve.org/CVERecord?id=C…
You can read about our overall research project at blog.amberwolf.com/blog/2025/augu… and learn about a SAML Authentication bypass in Zscaler (CVE-2025-54982) at blog.amberwolf.com/blog/2025/augu…