🎥 RECORDED TALK #BlackAlps24 🎥 ⚡⚡⚡ Unveiling the offensive potential of Group Policy Objects in Active Directory: old - and new GPO ACLs attack vectors ⚡⚡⚡ by Quentin Roland (Quentin Roland), Security expert at Synacktiv youtu.be/fAWVHZTmID0 #conference #cybersecurity

GPOddity: automating GPO attack vectors through NTLM relaying meterpreter.org/gpoddity-autom…

Following the recent Synacktiv 's article about abusing WebClient authentications from multicast poisoning, I have made a quick PR on Responder to simplify the setup: github.com/lgandx/Respond…

Abusing multicast poisoning for pre-authenticated Kerberos relay over HTTP with Responder and krbrelayx - Quentin Roland synacktiv.com/publications/a…

Synacktiv was at THConvention this week! For the first talk, Quentin Roland presented "Tapping into the SCCM policies goldmine". For the second talk, Remsio and Kain presented "Deep dive in Laravel encryption". #THCON2025

We still have a few talks for #SSTIC2025 last day! This morning, Hugo Clout presents 2 proxy tools used during pentests 🌐

For our last talk, @croco_byte explains how to exploit SCCM policies to harvest credentials 🔑 #SSTIC2025

Taking the Relaying Capabilities of Multicast Poisoning to the Next Level: Tricking Windows SMB Clients into Falling Back to WEBDAV, by @synacktiv synacktiv.com/publications/t…

Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Checkout the details in the blogpost by Guillaume André and Wil. synacktiv.com/publications/n…

Check out how I discover CVE-2025-33073 : RCE with NTLM reflectiv attack allowing authenticated user to compromise any machine without SMB signing enforced !

Catch us at #DEFCON33! @quent0x1 and Wil will show how to turn your Active Directory into the attacker’s C2. They'll dive deep into how Group Policy Objects can be leveraged for stealthy enumeration and privilege escalation! defcon.org/html/defcon-33… #DEFCON #ActiveDirectory

Don't miss kalimero at #DEFCON33! His talk, "SCCM: The Tree That Always Bears Bad Fruits", covers modern attack paths and abuse techniques in Microsoft SCCM, with a focus on internals, post-exploitation, and persistence! defcon.org/html/defcon-33… #DEFCON #SCCM

My personal #defcon33 highlights: Better tools for GPO exploitation: media.defcon.org/DEF%20CON%2033… Critical vulns in Zscaler and Netskope: media.defcon.org/DEF%20CON%2033… Phishing on official Microsoft login: media.defcon.org/DEF%20CON%2033… SSH vulnerabilities: media.defcon.org/DEF%20CON%2033…

🔥 A few hours ago our experts took the stage at #DEFCON33, sharing cutting-edge research on SCCM exploitation and modern GPO attacks in Active Directory. Proud of the team! 🙌 cc kalimero Quentin Roland Wil

The GroupPolicyBackdoor tool, presented at #DEFCON 2025, is now available on Synacktiv's GitHub: github.com/synacktiv/Grou… This python utility offers a stable, modular and stealthy exploitation framework targeting Group Policy Objects in Active Directory!

🛠️ GroupPolicyBackdoor - a python utility for Group Policy Objects (GPOs) manipulation and exploitation. ✅ GPO attack vectors can very often lead to impactful privilege escalation scenarios in Active Directory environments. github.com/synacktiv/Grou…

🧑‍🎓 Boost your offensive Active Directory skills with our Entry & Advanced trainings. Hands-on labs with dozens of machines + latest research from DEFCON, x33fcon & more! Seats are limited, don’t miss out! 🔗 Entry: synacktiv.com/en/offers/trai… 🔗 Advanced: synacktiv.com/en/offers/trai…

How safe is your browser? Our ninja, Riadh Bouchahoua, uncovers how attackers can exploit Chromium extension loading to steal data, maintain persistent access, and breach confidentiality on Chromium-based browsers. Read more here ⬇️ synacktiv.com/en/publication…

Afterwards, the great Quentin Roland took the stage, also at #OrangeCon, to present the authentication relay techniques he discovered earlier this year. As always, he illustrated his talk with a demo, showing that these techniques can be applied to real-world AD environments. 🔥

[Blogpost] Quentin Roland presents how to exploit attack paths related to Active Directory sites' ACLs. As the latter often constitute a blind spot for AD enumeration tools, the article also describes a pull request aiming to integrate them into the BloodHound project: