Olivia
Online
Julian Storr
@Jstorr
Likes creme-eggs, ms08-067, chicken and coffee
Joined March 2008
263 Following
183 Followers
66 Posts
"You need to be admin to run the installer anyway."
A common pushback that misses an entire class of attack. New research from @buffaloverflow on exploiting NSIS installer bugs to escalate from a standard user to SYSTEM in Zscaler Client Connector.
What comes after the patch? Bypass of course! 😜
Delinea Protocol Handler RCE - Return of the MSI. By my colleague @johnnyspandex
https://t.co/1QQfNHB8kU
👀
Who to follow
Ed Williams 🏴 
@dynllandeilo
Dad, husband, brother, son a Chymro. Cyber and hacking. Views do not represent my workplace. ZHlmYWwgZG9uYyBhIGR5ciB5IGdhcnJlZw== 🏴 #bitcoin
Steven Lowson
@StevoLowson
Security Ninja I like to break things 🤓. All tweets/opinions are my own.
Irene Michlin
@IreneMichlin
Yes, you can do secure development in Agile or Lean. #SDLC, #ThreatModeling, #AppSec, #defensivesecurity, #Lean, #Agile, #Kanban
Maybe some info at #defcon33 on Saturday, Track 3, 15:30 "Zero Trust, Total Bust - Breaking into thousands of cloud-based VPNs with one bug"
🎤 #DEFCON33 - We’re Presenting!
Big news: AmberWolf is hitting the DEF CON 33 stage this August.
Our very own Rich Warren and David Cash (@buffaoverflow and @jonnyspandex respectively) will be presenting Zero Trust, Total Bust – Breaking into thousands of cloud VPNs with one bug
Today, we're releasing NachoVPN, our VPN client exploitation tool, as presented at SANS #HackfestHollywood 2024 🌮🔒
Find the details on the @AmberWolfSec blog, along with the individual advisories, including a not-yet-fully fixed PaloAlto GlobalProtect client RCE👀
Today, AmberWolf released two blog posts and our tool "NachoVPN" to target vulnerabilities in major VPNs, including CVE-2024-29014 (SonicWall NetExtender SYSTEM RCE) and CVE-2024-5921 (Palo Alto GlobalProtect RCE and Priv Esc), after our SANS HackFest presentation.🧵
Today, we released details for CVE-2024-45488, an authentication bypass in Safeguard for Privileged Passwords dubbed "Skeleton Cookie" We explain how we discovered it, provide scripts to check vulnerability, and show how it could lead to RCE on the server.
https://t.co/mf3pc1eKOx
AmberWolf researchers Richard Warren and David Cash found high-risk vulnerabilities in Cato Client, including remote code execution and SYSTEM privilege escalation. Learn more in our blog series: https://t.co/LsW6DqHxfv #vulnerability
not sure that its the same post-auth as the itw pulse secure exploit, but its *an* RCE 😛
Still need an auth bypass ..
🚨 SonicWall have released a security update for GMS and Analytics, which addresses 15 vulnerabilities reported by my colleague Sean and myself
Some of the bugs are rated critical (CVSS 9.8), and include RCE, SQLi and auth bypass
Get patching ‼️
https://t.co/b9jwC7DUa0
DroppedConnection - a fake VPN server that captures credentials and executes code via the Cisco AnyConnect client.
https://t.co/X8IlRj8BIt
@nmap I thought the only reason Internet Exploder still exists was to download hacking tools and malware...
Stealing NetNTLM hashes using Outlook signatures https://t.co/vigXbI5Yan
@HSBC - How is your verification that this is a "Genuine Call" a spoofable SMS which provides a phone number to call back? #securitytheatre
"The enemy does not check your risk register prior to attacking." - Sun Tzu, The Art of Cyber War
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers