Clearing out the research queue in time for DEFCON, and dropping some new NachoVPN updates! 🌮🔓
Part 1: Ivanti SYSTEM RCE/LPE:
blog.amberwolf.com/blog/2025/ju...
29.07.2025 15:26 — 👍 2 🔁 0 💬 0 📌 0
d3bfdeed17448756d36a326f0b7972162b7f67951df6d2004faa196444b6c5aa 🙃
27.11.2024 22:39 — 👍 1 🔁 0 💬 0 📌 0
Thanks, Cas! Hoping we get to hear some Red Team war stories from its use at the next RedTreat 😃
26.11.2024 17:46 — 👍 1 🔁 0 💬 0 📌 0
Let's see how bsky handles videos ..
26.11.2024 14:35 — 👍 1 🔁 0 💬 0 📌 0
For anyone mad at Palo Alto for pushing out a limited fix, just remember that other vendors (*cough* Ivanti) consider 1-click RCE from a browser .. a feature 😜
www.reddit.com/r/paloaltone...
26.11.2024 13:02 — 👍 1 🔁 0 💬 2 📌 0
Introducing NachoVPN: One VPN Server to Pwn Them All
AmberWolf Security Research Blog
New platform, who dis? It me, and @johnnyspandex.bsky.social dropping some VPN client exploit freshness! 🌮🔒
Today, we're releasing NachoVPN, our VPN client exploitation tool, as presented at SANS HackFest Hollywood. Get it on the @amberwolfsec.bsky.social blog:
blog.amberwolf.com/blog/2024/no...
26.11.2024 10:47 — 👍 14 🔁 12 💬 0 📌 2
Privilege Escalation Engineer
Principal Consultant @ Reversec (formerly WithSecure Consulting)
Security researcher in Google Project Zero. Author of Attacking Network Protocols. Posts are my own etc.
Hermetic Initiate. Exploring conscience and the nature of reality. I also hack things.
Cyber stuff. Guitarist. Runner. Xennial. Cat lover. Bon viveur. Closet comedian.
Views not my own they made me say it.
Offensive Cyber, Risk Management & Governance, Vulnerability Research and Technical Due Diligence
Hacker & CEO @SocialProofSec security awareness/social engineering training, videos, talks | 3X @DEFCON🥈 | Chair @WISPorg | @CISAgov Technical Advisory Council under Director Jen Easterly
BleepingComputer is a premier destination for cybersecurity news for over 20 years, delivering breaking stories on the latest hacks, malware […]
[bridged from https://bleepingcomputer.com/ on the web: https://fed.brid.gy/web/bleepingcomputer.com ]
Placeholder profile : https://x.com/cyb3rops | glad to be in this respectful safe space | vi/vim
Director of Research at @portswigger.net
Also known as albinowax
Portfolio: https://jameskettle.com/
Wannabe security guy. Director @ Zero-Point Security.
Ceri Coburn: Hacker | R̷u̷n̷n̷e̷r̷ DIYer| Vizsla Fanboy and a Little Welsh Bull apparently 🏴
Author of poorly coded tools: https://github.com/CCob
Researcher @SpecterOps. Coding towards chaotic good while living on the decision boundary. #dontbanequality
@Straiker. Ex-Microsoft. Ex-Meta RedTeam, Ex-Endgame, Ex Fireeye. malwareunicorn.org
Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer. Private account. All opinions expressed here are mine only (not of my employer etc) ; https://hasherezade.net
The largest collection of malware source code, samples, and papers on the internet.
Password: infected
(unofficial, this is a bot! Maintained by @yjb.bsky.social, the bot can't handle retweets, video, and maybe a few other things)
Hacker, Security Engineer and Researcher.
https://dtm.uk/
Threat Intel @volexity.com n stuff.
London, UK.
