Maxime Escourbiac
@fisjkars.bsky.social
Red Team Leader @Michelin
#Security Gastronomy fan
A little introduction for my next talk at @hack_lu: this article, co-authored with @cousky_, presents all the details of the full exploit chain that impacted GlobalProtect: blogit.michelin.io/palo-alto-gl...
Palo Alto GlobalProtect : Remote Full Compromise Exploit Chain
Summary: This article delves into vulnerabilities in the Palo Alto GlobalProtect VPN client discovered by Michelin Red Team (Yassine Bengana and myself) and identified as CVE-2024-5921, CVE-2025-0117...
September 25, 2025 at 8:41 AM
Michelin CERT struck back. A regression in #PaloAlto GlobalProtect (CVE-2025-2183) allowed the workstation to be fully compromised remotely. All details will be revealed during my talk at @hack_lu. security.paloaltonetworks.com/CVE-2025-2183
CVE-2025-2183 GlobalProtect App: Improper Certificate Validation Leads to Privilege Escalation
An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administr...
August 14, 2025 at 5:00 PM
Excited to be a speaker at @hack_lu! Looking forward to discussing vulnerabilities in VPN clients 🇱🇺 #hacklu #cybersecurity
July 18, 2025 at 8:08 PM
🚨 Michelin Red Team starting the year with a bang! Multiple vulnerabilities discovered in VMware Aria Operations (CVE-2025-22218, 22219, 22220, 22221, 22222) 🔥 Time to patch and stay sharp!

🔗 VMware Advisory: support.broadcom.com/web/ecx/supp...

#CyberSecurity #RedTeam #VMware #CVE2025
Support Content Notification - Support Portal - Broadcom support portal
January 31, 2025 at 5:30 PM
Reposted by Maxime Escourbiac
If you missed it, my #DEFCON talk "Exploiting the Unexploitable: Insights from the Kibana Bug Bounty" is now live on YouTube!

youtu.be/H-bhmSwnRdY
DEF CON 32 - Exploiting the Unexploitable Insights from the Kibana Bug Bounty - Mikhail Shcherbakov
YouTube video by DEFCONConference
November 27, 2024 at 9:08 AM
#Michelin CERT was also acknowledged for discovering CVE-2024-38832 and CVE-2024-38833, which affect VMware Aria Operations. Additional vulnerabilities are still undergoing the disclosure process. support.broadcom.com/web/ecx/supp... #security #bugbounty
November 27, 2024 at 8:21 AM
#Michelin CERT was acknowledged for identifying CVE-2024-5921, which impacts #PaloAlto GlobalProtect. A detailed report was sent to their PSIRT team on February 26th, demonstrating how to impersonate a legitimate portal and fully compromise a workstation. #security
November 26, 2024 at 3:01 PM