I hope everyone got some rest after DownUnderCTF this weekend. My colleague hashkitten wrote up a blog post on a novel technique for SQL Injection in PDO's prepared statements, required to exploit the “legendary” challenge, which only got one solve: slcyber.io/assetnote-secu…

We made it to MSRC 2025 Most Valuable Security Researcher leaderboard 🥳 Congratulations to all the other researchers! msrc.microsoft.com/leaderboard

I'm happy to release a script gadgets wiki inspired by the work of Sebastian Lekies, koto, and Eduardo Vela in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4

Catch us at #DEFCON33! @quent0x1 and Wil will show how to turn your Active Directory into the attacker’s C2. They'll dive deep into how Group Policy Objects can be leveraged for stealthy enumeration and privilege escalation! defcon.org/html/defcon-33… #DEFCON #ActiveDirectory

Don't miss kalimero at #DEFCON33! His talk, "SCCM: The Tree That Always Bears Bad Fruits", covers modern attack paths and abuse techniques in Microsoft SCCM, with a focus on internals, post-exploitation, and persistence! defcon.org/html/defcon-33… #DEFCON #SCCM

Oh mom, I am in Phrack Zine! #why2025

🔥 A few hours ago our experts took the stage at #DEFCON33, sharing cutting-edge research on SCCM exploitation and modern GPO attacks in Active Directory. Proud of the team! 🙌 cc kalimero Quentin Roland Wil

Turns out my #PHRACK article is live! 🔥 > The Art of PHP — My CTF Journey and Untold Stories! Kinda a love letter to those CTF players & PHP nerds! Hope all the credit goes to the right ppl. Also huge thanks to [email protected] for not forgetting me, TMZ for the edits, and the

Special surprise for NULLCON people in Berlin! Get a printed copy of Phrack during registration tomorrow (while supplies last). Stickers will be available around the conference too!

Exploiting LiveWire by Remi & Pierre from Synacktiv team ! #nullconBerlin2025

Exceptionnally back on X for that. If you are a Magento or Adobe Commerce user, patch as soon as possible - the patch of my bug will be released imminently. This has one of the most severe impact possible, and is easy to trigger. Expect attacks, very soon. #magento #ecommerce

Release is out : helpx.adobe.com/security/produ… This patches a pre-auth RCE and a customer ATO that I found a few days ago on Adobe Commerce and Magento. If you're using it, patch asap! This wouldn't be surprising to see TA using them in a few hours or days, at most. #magento

Hey Folks The program for this year is now almost full announced 🥳 Still hesitating to come this year? You won't hesitate a single second once you've seen the conference program 📢 We will soon be announcing the sale of tickets dates, the list of workshops and the hoodie designs

First, Remsio and Worty shared their research on Livewire's unmarshalling mechanism at NULLCON Berlin. They demonstrated how to achieve RCE with the APP_KEY and extended their laravel-crypto-killer tool to automate the process. Stay tuned, something big is coming... 👀

Then, it was Riadh's turn to present his research about Chromium extensions at OrangeCon. In this talk, he explained how to circumvent the security measures in Chromium's extensions loading mechanism and showcased an exploitation toolkit he built. 🛠️

Afterwards, the great Quentin Roland took the stage, also at #OrangeCon, to present the authentication relay techniques he discovered earlier this year. As always, he illustrated his talk with a demo, showing that these techniques can be applied to real-world AD environments. 🔥

Finally, noraj talked about Unicode-based exploitation primitives at SEC-T. He explained the core concepts of Unicode and presented several security issues that can stem from its complexity. 🤯 The recording is available here: youtube.com/watch?v=3JFQ5v….

🚨 Our two ninjas, Mallo and Thibaut Queney, found two vulnerabilities on Snipe-IT that can be chained by an authenticated attacker to achieve remote command execution on the server. Read the security advisory for more details: synacktiv.com/advisories/sec…

The web is a prime target for attackers. Want to refine your intrusion methods? Join our ‘Attacking Web Applications’ training course from 17 to 21 November! ▪️ 5 days of expertise ▪️ 35 hours of lessons, more than 30 exercises ▪️ Java, PHP, Python, ASP.NET...

In our new blogpost, noraj shows how one can abuse Unicode characters to bypass filters and abuse shell globbing, regexp, HTTP query parameters or WAFs when #MySQL strict SQL mode is off 👇 synacktiv.com/en/publication…