Fortinet is a prominent cybersecurity company that offers a wide range of products designed to protect organizations from various threat actors. Among these, their endpoint protection solution is often considered a critical component in achieving a "hermetic" security posture, securing every endpoint within an organization. However, as with any security solution, there is an inherent risk: the same technology that defends against attacks can, if compromised, serve as a gateway for attackers to infiltrate entire networks.

What happens when the very tool designed to protect an organization becomes a potential vulnerability?
In this talk, we will explore our research into Fortinet’s endpoint agent solution, revealing how attackers could exploit flaws within the software to compromise all machines in an organization. We’ll discuss the dual-edged nature of endpoint protection: while it serves as a frontline defense, it also presents a unique attack surface. Through both high-level and low-level research, we’ll demonstrate how an adversary could leverage vulnerabilities within Fortinet's product to bypass security mechanisms, escalate privileges, and ultimately take control of an organization's network.