VPNs are often used by organizations for secure remote access, but the AmberWolf researchers showed that the attack surface they introduce should not be ignored. They also published an open source tool named NachoVPN, which demonstrates the attack against Palo Alto Networks and SonicWall VPNs through recently patched vulnerabilities, as well as against Cisco AnyConnect and Ivanti Connect Secure through older flaws. The tool’s plugin-based architecture enables users to add support for other products as well. The attack, which works on both Windows and macOS, leverages the trust relationship between the VPN client and the server. NachoVPN is designed to simulate a rogue VPN server that can exploit vulnerabilities in the VPN clients connecting to it.