Rich Warren
@buffaloverflow.rw.md
Red Team & Offensive Security Research @amberwolfsec.bsky.social
Clearing out the research queue in time for DEFCON, and dropping some new NachoVPN updates! 🌮🔓
Part 1: Ivanti SYSTEM RCE/LPE:
blog.amberwolf.com/blog/2025/ju...
Part 1: Ivanti SYSTEM RCE/LPE:
blog.amberwolf.com/blog/2025/ju...
blog.amberwolf.com
July 29, 2025 at 3:26 PM
Clearing out the research queue in time for DEFCON, and dropping some new NachoVPN updates! 🌮🔓
Part 1: Ivanti SYSTEM RCE/LPE:
blog.amberwolf.com/blog/2025/ju...
Part 1: Ivanti SYSTEM RCE/LPE:
blog.amberwolf.com/blog/2025/ju...
Reposted by Rich Warren
Some Christmas cheer with @buffaloverflow.rw.md . A nice bug in the URL handler for Delinea Secret Server.
blog.amberwolf.com/blog/2024/de...
blog.amberwolf.com/blog/2024/de...
Delinea Protocol Handler - Remote Code Execution via Update Process (CVE-2024-12908)
AmberWolf Security Research Blog
blog.amberwolf.com
December 26, 2024 at 12:17 PM
Some Christmas cheer with @buffaloverflow.rw.md . A nice bug in the URL handler for Delinea Secret Server.
blog.amberwolf.com/blog/2024/de...
blog.amberwolf.com/blog/2024/de...
d3bfdeed17448756d36a326f0b7972162b7f67951df6d2004faa196444b6c5aa 🙃
November 27, 2024 at 10:39 PM
d3bfdeed17448756d36a326f0b7972162b7f67951df6d2004faa196444b6c5aa 🙃
For anyone mad at Palo Alto for pushing out a limited fix, just remember that other vendors (*cough* Ivanti) consider 1-click RCE from a browser .. a feature 😜
www.reddit.com/r/paloaltone...
www.reddit.com/r/paloaltone...
November 26, 2024 at 1:02 PM
For anyone mad at Palo Alto for pushing out a limited fix, just remember that other vendors (*cough* Ivanti) consider 1-click RCE from a browser .. a feature 😜
www.reddit.com/r/paloaltone...
www.reddit.com/r/paloaltone...
New platform, who dis? It me, and @johnnyspandex.bsky.social dropping some VPN client exploit freshness! 🌮🔒
Today, we're releasing NachoVPN, our VPN client exploitation tool, as presented at SANS HackFest Hollywood. Get it on the @amberwolfsec.bsky.social blog:
blog.amberwolf.com/blog/2024/no...
Today, we're releasing NachoVPN, our VPN client exploitation tool, as presented at SANS HackFest Hollywood. Get it on the @amberwolfsec.bsky.social blog:
blog.amberwolf.com/blog/2024/no...
Introducing NachoVPN: One VPN Server to Pwn Them All
AmberWolf Security Research Blog
blog.amberwolf.com
November 26, 2024 at 10:47 AM
New platform, who dis? It me, and @johnnyspandex.bsky.social dropping some VPN client exploit freshness! 🌮🔒
Today, we're releasing NachoVPN, our VPN client exploitation tool, as presented at SANS HackFest Hollywood. Get it on the @amberwolfsec.bsky.social blog:
blog.amberwolf.com/blog/2024/no...
Today, we're releasing NachoVPN, our VPN client exploitation tool, as presented at SANS HackFest Hollywood. Get it on the @amberwolfsec.bsky.social blog:
blog.amberwolf.com/blog/2024/no...