Taryax (@taryax)'s Twitter Profile
Taryax

@taryax

ID: 86938903

02-11-2009 13:10:45

61 Tweet

147 Followers

433 Following

Synacktiv (@synacktiv)

Speaking JSON with your web app? You should try our new Burp extension: Burp JQ! Filtering JSON has never been easier :) Good job @__aevy__ ! github.com/synacktiv/burp…

Synacktiv (@synacktiv)

Pentesting the Cisco SDN solution ACI: send the right LLDP packet and the gates will open in CVE-2021-1228... or collapse in CVE-2021-1230! synacktiv.com/publications/p…

Hack-A-Sat (@hack_a_sat)

🏆 Team SolarWine SolarWine
2⃣ Team PolandCanIntoSpace Dragon Sector/p4
3⃣ Team DiceGang DiceGang

Congrats to all 8 teams who participated in the Hack-A-Sat 2 final event CTF and thank you to everyone who tuned in all weekend! #HAS2Finals
Synacktiv (@synacktiv)

Our ninjas Load., Taryax and Pierre Milioni played with the FortiManager and discovered several authenticated Web vulnerabilities leading to command execution, arbitrary file read and privilege escalation. 4 CVE advisories were released by Fortinet. synacktiv.com/sites/default/…

Hexacon (@hexacon_fr)

Croissants, red wine and high-quality offensive security talks in a wonderful place? That's all the Hexacon team is promising for October 2022. Details and Call For Papers are coming very soon... Until then, a bit more teasing for you folks: hexacon.fr #HEXACON2022

Synacktiv (@synacktiv)

If you like 90's style issues, you might want to take a look at our latest finding on elFinder. An old school path traversal, unusually identified in the wild by Gaetan. synacktiv.com/publications/e…

Hexacon (@hexacon_fr)

#OSINT seems pretty in vogue these days, would you be able to find Hexacon's venue from where this picture has been taken? It might get you a special reward... #HEXACON2022

Synacktiv (@synacktiv)

If you see two guys wearing Synacktiv t-shirts with big antennas, you should turn around with your Tesla! 0-click RCE demonstration on a real vehicle, with CAN messages sent to switch on headlights, wipers and trunk 😎 #Pwn2Own

Hexacon (@hexacon_fr)

⌛️ H-1 before #HEXACON2022 registration opens! 📈 Early bird tickets start at 650€ but are in limited quantity, be prepared! 📢 The remaining tickets will be released after the announcement of the talks in early July

PortSwigger Research (@portswiggerres)

Stuck on a blind PHP file-read? Remsio has just built on hashkitten's research using filter chains to trigger an OOM oracle and leak file contents. synacktiv.com/en/publication… x.com/PortSwiggerRes…

Synacktiv (@synacktiv)

Who would win, Grails Spring Security Core or one little semicolon? Our ninjas Taryax and Benjamin SEPE discovered an authorization bypass vulnerability on versions <= 5.1.0 of the plugin during a security assessment. Read more here: synacktiv.com/sites/default/…

Trend Zero Day Initiative (@thezdi)

Wow! It took the Synacktiv team less than two minutes to demonstrate their exploit of the #Tesla Gateway. If confirmed, they will win $100,000 and a Tesla Model 3 (plus these cool hockey pucks). #Pwn2Own #P2OVancouver

Hexacon (@hexacon_fr)

Last sponsor we want to introduce is a special one: it's Synacktiv, the company organizing #HEXACON2023. Leader in offensive security, Synacktiv helps companies assess their networks' security. There will be a lot of ninjas in the conference, feel free to talk to them! 🤗

Synacktiv (@synacktiv)

Our ninjas haven't missed out on Web3. Dive with them into the methods to retrieve the ABI of EVM smart contracts, in black-box! synacktiv.com/publications/e…

Synacktiv (@synacktiv)

Here are three new GitHub action misconfigurations we found on Azure, Firebase, Swagger and Alibaba! Read the third article in our series on exploiting GitHub Actions by Hugow synacktiv.com/publications/g…

Synacktiv (@synacktiv)

🚨 Still a few days to register for our Azure Intrusion for Red Teamers training at #BHUSA! Very hands-on, full kill chain from zero to Global Admin with stealth in mind. Secure your seat now! blackhat.com/us-25/training…
