Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore critical security vulnerabilities in modern Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) solutions through this 39-minute DEF CON 33 conference talk. Discover how leading cloud-based VPN alternatives from major vendors like ZScaler, Netskope, and Check Point inherit traditional VPN weaknesses while introducing new cloud-specific attack vectors. Learn the methodologies for conducting external reconnaissance against ZTNA platforms and understand techniques for bypassing authentication mechanisms and device posture checks, including hardware ID spoofing methods. Examine how attackers can exploit insecure inter-process communication between ZTNA client components to achieve local privilege escalation and circumvent traffic steering controls to access blocked content. Investigate flaws in authentication flows that can undermine device trust models and see demonstrations of malicious ZTNA servers capable of executing code on connecting clients. Gain insights into previously undisclosed vulnerabilities discovered during the researchers' investigation of these next-generation security solutions, reinforcing that zero trust architectures do not eliminate security risks but rather transform the threat landscape.
