Maxime Escourbiac
Maxime Escourbiac is the Red Team Leader at Michelin CERT, specializing in offensive security, penetration testing, and advanced vulnerability exploitation. He has contributed to the discovery of vulnerabilities in widely used products such as PAN-OS, Grafana, VMware Aria Operations, Backstage, Artifactory, and ForgeRock AM.
Session
This session provides an in-depth analysis of multiple critical vulnerabilities discovered by Michelin CERT in the Palo Alto Networks GlobalProtect VPN client, referenced as CVE-2024-5921, CVE-2024-3390, CVE-2024-3391, CVE-2024-3392 and CVE-2025-0118.
The research highlights how attackers on the same network can exploit weaknesses in certificate verification, root CA management, embedded browser authentication, and client-server communications to achieve remote code execution and privilege escalation on Windows workstations.