Blog Security Research Living off the VPN — Exploring VPN Post-Exploitation Techniques Ori David is a Security Researcher at Akamai. His research is focused on offensive security, malware analysis, and threat hunting.  What can an attacker accomplish while using only the VPN management interface? Executive summary \r\n \r\n In this blog post, Akamai researchers highlight the overlooked threat of VPN post-exploitation; that is, we address techniques that can be used by threat actors after compromising a VPN server to further escalate their intrusion. \r\n \r\n Our findings include several vulnerabilities that affected Ivanti Connect Secure and FortiGate VPNs. \r\n \r\n In addition to the vulnerabilities, we detail a set of no-fix techniques that can affect the Ivanti Connect Secure and FortiGate products, and potentially other VPN servers, as well.…