Maxime Escourbiac

@fisjkars

Red Team Leader @Michelin #Security Gastronomy fan

380 Followers | 75 Following | 6 Posts | Joined 13.11.2024

Latest posts by Maxime Escourbiac @fisjkars

Palo Alto GlobalProtect : Remote Full Compromise Exploit Chain Summary This article delves into vulnerabilities in the Palo Alto GlobalProtect VPN client discovered by Michelin Red Team (Yassine Bengana and Myself) and identified as CVE-2024-5921, CVE-2025-0117...

Little introduction for my next talk @hack_lu, this article, co-authored with @cousky_, presents all details of the full exploit chain that impacted GlobalProtect: blogit.michelin.io/palo-alto-gl...

25.09.2025 08:41 👍 0 🔁 0 💬 1 📌 0
CVE-2025-2183 GlobalProtect App: Improper Certificate Validation Leads to Privilege Escalation An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administr...

Michelin CERT struck back. A regression in #PaloAlto GlobalProtect (CVE-2025-2183) allowed full remote compromise of the workstation. All details will be revealed during my talk at @hack_lu. security.paloaltonetworks.com/CVE-2025-2183

14.08.2025 17:00 👍 1 🔁 0 💬 0 📌 0

Excited to be a speaker at @hack_lu! Looking forward to discussing vulnerabilities in VPN clients 🇱🇺 #hacklu #cybersecurity

18.07.2025 20:08 👍 2 🔁 0 💬 0 📌 0
Support Content Notification - Support Portal - Broadcom support portal

🚨 Michelin Red Team starting the year with a bang! Multiple vulnerabilities discovered in VMware Aria Operations (CVE-2025-22218, 22219, 22220, 22221, 22222) 🔥 Time to patch and stay sharp!

🔗 VMware Advisory: support.broadcom.com/web/ecx/supp...

#CyberSecurity #RedTeam #VMware #CVE2025

31.01.2025 17:30 👍 2 🔁 0 💬 0 📌 0
DEF CON 32 - Exploiting the Unexploitable Insights from the Kibana Bug Bounty - Mikhail Shcherbakov YouTube video by DEFCONConference

If you missed it, my #DEFCON talk "Exploiting the Unexploitable: Insights from the Kibana Bug Bounty" is now live on YouTube!

youtu.be/H-bhmSwnRdY

27.11.2024 09:08 👍 13 🔁 6 💬 1 📌 1
Support Content Notification - Support Portal - Broadcom support portal

#Michelin CERT was also acknowledged for discovering CVE-2024-38832 and CVE-2024-38833, which affect VMware Aria Operations. Additional vulnerabilities are still undergoing the disclosure process. support.broadcom.com/web/ecx/supp... #security #bugbounty

27.11.2024 08:21 👍 0 🔁 0 💬 0 📌 0

#Michelin CERT was acknowledged for identifying CVE-2024-5921, which impacts #PaloAlto GlobalProtect. A detailed report was sent to their PSIRT team on February 26th, demonstrating how to impersonate a legitimate portal and fully compromise a workstation. #security

26.11.2024 15:01 👍 1 🔁 0 💬 0 📌 0