Sometimes, the obstination of our Linux fans leads to interesting findings on iOS USB networking. Have a look at our latest blogpost by Flo
synacktiv.com/publications/i…

👻 Phantom types are not as scary as they sound! In our latest article, bartavelle introduces advanced type system features, and a way to model them in many languages.
synacktiv.com/publications/s…

Explore new ways to easily perform DLL Hijacking for lateral movement using DCOM with our new tool DLHell by Kévin Tellier now available on Github! github.com/synacktiv/DLHe…

Registration for #HEXACON2024 awesome trainings will open next Monday!

➡️ hexacon.fr/trainings/
9⃣ High-quality courses
📆 4 days | 30/09-03/10 2024
💶 4200€

Kubernetes bootstrap tokens streamline the process of deploying nodes' TLS certificates.
Paul Barbé & Scouty studied how these tokens could be exploited in AKS, leading to compromise of the whole cluster.
synacktiv.com/publications/s…

In our latest blogpost, Quentin Roland presents an often overlooked AD attack surface related to OUs ACLs,with the release of a dedicated exploitation tool, OUned.py (github.com/synacktiv/OUned).
synacktiv.com/publications/o…

We are starting a new series of blog posts on post-quantum cryptography! Check-out our first article which gives an introduction to modern cryptography concepts.
synacktiv.com/en/publication…

Optimize your password spraying attacks & defenses by checking our latest blogpost on the Banned Password Lists (BPL) mechanism of Entra ID Password Protection: synacktiv.com/en/publication…

Interested in finding and exploiting vulnerabilities in old video games? If so, you'll love our latest blogpost on American Conquest by Tomtombinary!
synacktiv.com/publications/e…

During a research on PHP filters, our expert Walleza found an authenticated file read on iTop versions between 3.0.0 and 3.0.4. Update now and read the security advisory:
synacktiv.com/advisories/fil…

#HEXACON2024 officially kicks off! 📣

We start by announcing our trainings for the next edition: hexacon.fr/trainings/

Training registrations will open in May

☁️ Whether it's on premises or in the cloud, a domain is a domain.

💪 Flex your intrusion muscles with Wil and Hugow's training!

➡️ hexacon.fr/trainer/vincen…
📆 30/09-03/10 2024
📍Espace Vinci, Rue des Jeuneurs, Paris

Take advantage of finding 🍏 iOS vulnerabilities while you can, in 30 years there won't be any.

Bootstrap your iOS research at #HEXACON2024 thanks to Quentin M and Etienne Helluy-Lafont:

➡️hexacon.fr/trainer/meffre…
📆 30/09-03/10 2024
📍Espace Vinci, Rue des Jeuneurs, Paris

And since good news never come alone, we also have 4 talks accepted for SSTIC! GG Julien Legras, kalimero, Hugow, myr and Hexa 👏
sstic.org/2024/programme/

Really proud to have 3 talks accepted for offensivecon! Congratz Quentin M, vdehors, David B. and Lucas Georges 🥳
offensivecon.org/speakers/

Time for our last talk at #THCon , with Remsio explaining how to use PHP filter chains ⛓️

It's already #THCon day 2! To start the day after the keynote, t0 presents how to perform fault injection ⚡

Just after the break, F4b presented the pre-challenge solution #THCon

We're at THConvention! For our first talk, JB Cayrou will explain how he tried to exploit a nice bug in Ubuntu ShiftFS 🔥

Friendly reminder: if you're around for #THCon , come and grab a free beer 🍻