Digging into how the latest Windows Kubernetes vuln works was a fun way to spend a couple of hours. We've just published some of my notes here: blog.amberwolf.com/blog/2025/janu…

My first CVE with AmberWolf has recently been resolved by Dell. Memory dumps on ThinOS Wyse terminals are not stored encrypted despite the use of FDE. blog.amberwolf.com/blog/2025/june…

If you enjoyed our NachoVPN talk, this is going to be even better, I promise! Come join us in vegas for some ZTNA carnage!

Clearing out the research queue in time for DEFCON, and dropping some new NachoVPN updates! 🌮🔓 Part 1: Ivanti SYSTEM RCE/LPE: blog.amberwolf.com/blog/2025/july…

Part 2: PaloAlto GlobalProtect patch bypass blog.amberwolf.com/blog/2025/augu…

Spotted at a vendor hall near you #ZeroTrustTotalBust #defcon33

Maybe some info at #defcon33 on Saturday, Track 3, 15:30 "Zero Trust, Total Bust - Breaking into thousands of cloud-based VPNs with one bug"

🤣🤣

Breaking Into Your Network? Zer0 Effort. - DEF CON 33 Overview and Advisory - Zscaler SAML Authentication Bypass (CVE-2025-54982). Following on from our DEF CON 33 presentation, the first two blog posts in our series on Zero Trust Network access abuse are now live.

You can read about our overall research project at blog.amberwolf.com/blog/2025/augu… and learn about a SAML Authentication bypass in Zscaler (CVE-2025-54982) at blog.amberwolf.com/blog/2025/augu…

A special shoutout to the many 🇪🇺European cyber researchers presenting their work at #DEFCON, you were awesome. 🇳🇱Dirk-jan John Fokker 🇮🇹Agostino Panico @localhost 🇫🇷Christophe Tafani-Dereeper Thomas Roccia 🤘 kalimero 🇧🇪Keanu Nys 🇨🇿Marek Tóth 🇬🇧Matt Muir Johnny Fishcake Rich Warren +many others

CVE-2025-3831 Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties. cve.org/CVERecord?id=C…

There's a thread on LinkedIn where ZTNA sales folk are using our research to shill their own product - just to be pointed to writeups of the same vulns affecting their own product. It's very entertaining to watch.

Netskope have released NSKPSA-2025-002 / CVE-2025-0309 for one of the privilege escalation vulnerabilities discussed during our #ZeroTrustTotalBust DEFCON talk Full writeup and PoC to follow on the AmberWolf blog😉 netskope.com/company/securi…

Just published the writeup for the "Netskope cross-tenant authentication bypass" featured in our #defcon33 talk #ZeroTrustTotalBust Find the full details here 👇 blog.amberwolf.com/blog/2025/augu… ^We also cover another method to leak those not-so-secret OrgKeys 😉

If you missed the talk, we uploaded the video here: vimeo.com/1109180896

Bug bounty platforms can often be misused as NDA as a service. As a general rule, I avoid reporting via bbp for this very reason

👀

What comes after the patch? Bypass of course! 😜 Delinea Protocol Handler RCE - Return of the MSI. By my colleague Johnny Fishcake blog.amberwolf.com/blog/2025/augu…