Breaking into thousands of cloud based VPNs with 1 bug - David Cash, Rich Warren
Dave, Rich
DEF CON 33 (backfill) · Day 1 · Main Stage
In their DEF CON talk, "Zero Trust, Total Bust," Dave and Rich from AmberWolf unveiled a disturbing reality: the much-touted Zero Trust Network Access (ZTNA) solutions, often marketed as the secure successor to legacy VPNs, are frequently riddled with critical vulnerabilities. Through extensive research into popular ZTNA products like Check Point Harmony, Zscaler, and Netskope, the presenters demonstrated how fundamental security flaws, ranging from authentication bypasses to privilege escalation and posture check circumvention, undermine the core principles of zero trust.
AI review
AmberWolf delivered exactly what a DEF CON technical track should look like: original, multi-vendor research across Check Point, Zscaler, and Netskope with actual CVEs, live demos, and enough implementation detail to reproduce the attacks. The cross-tenant Netskope secure enrollment bypass and the SAML signature presence-not-validity check are genuinely embarrassing findings for vendors charging enterprise premiums on 'never trust, always verify' branding.