Rich Warren

@buffaloverflow.rw.md

Red Team & Offensive Security Research @amberwolfsec.bsky.social

257
Followers 52
Following 6
Posts 01.11.2024
Joined

Posts Following

Latest posts by Rich Warren @buffaloverflow.rw.md

Clearing out the research queue in time for DEFCON, and dropping some new NachoVPN updates! 🌮🔓

Part 1: Ivanti SYSTEM RCE/LPE:

blog.amberwolf.com/blog/2025/ju...

29.07.2025 15:26 👍 2 🔁 0 💬 0 📌 0

Delinea Protocol Handler - Remote Code Execution via Update Process (CVE-2024-12908) AmberWolf Security Research Blog

Some Christmas cheer with @buffaloverflow.rw.md . A nice bug in the URL handler for Delinea Secret Server.

blog.amberwolf.com/blog/2024/de...

26.12.2024 12:17 👍 3 🔁 3 💬 0 📌 0

d3bfdeed17448756d36a326f0b7972162b7f67951df6d2004faa196444b6c5aa 🙃

27.11.2024 22:39 👍 1 🔁 0 💬 0 📌 0

Thanks, Cas! Hoping we get to hear some Red Team war stories from its use at the next RedTreat 😃

26.11.2024 17:46 👍 1 🔁 0 💬 0 📌 0

Let's see how bsky handles videos ..

26.11.2024 14:35 👍 1 🔁 0 💬 0 📌 0

For anyone mad at Palo Alto for pushing out a limited fix, just remember that other vendors (*cough* Ivanti) consider 1-click RCE from a browser .. a feature 😜

www.reddit.com/r/paloaltone...

26.11.2024 13:02 👍 1 🔁 0 💬 2 📌 0

Introducing NachoVPN: One VPN Server to Pwn Them All AmberWolf Security Research Blog

New platform, who dis? It me, and @johnnyspandex.bsky.social dropping some VPN client exploit freshness! 🌮🔒

Today, we're releasing NachoVPN, our VPN client exploitation tool, as presented at SANS HackFest Hollywood. Get it on the @amberwolfsec.bsky.social blog:

blog.amberwolf.com/blog/2024/no...

26.11.2024 10:47 👍 13 🔁 11 💬 0 📌 2