Hugow (@hugow_vincent) 's Twitter Profile
Hugow

@hugow_vincent

Security researcher && cat memes.

Climb/fly sometimes 🪂

ID: 2312645583

29-01-2014 20:15:03

2,2K Tweet

873 Followers

925 Following

Synacktiv (@synacktiv) 's Twitter Profile Photo

For the second year in a row, we managed to get first place at the #HackTheBox Business #CTF 2025! 🥇 Congratulations to GMOサイバーセキュリティ byイエラエ株式会社【公式】 and Downscope and thanks to Hack The Box for the fun challenges! 🥳

Synacktiv (@synacktiv) 's Twitter Profile Photo

Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Check out the details in the blogpost by Guillaume André and Wil. synacktiv.com/publications/n…

Laluka@OffenSkill (@thelaluka) 's Twitter Profile Photo

💣 Hello 💣 Nothing planned for the evening of July 1st? Cool. Now you do! 😎 See you Tuesday, July 1st at 9 PM on twitch.tv/thelaluka! STOP, I know you! Open your gcal/outlook/kcal/any right away and note this date >now< before you forget it! 😂 On the agenda! -

Coffin (@coffinxp7) 's Twitter Profile Photo

Finally, here’s the detailed article where I walk you through, step by step how to find this vulnerability in real bug bounty programs. Now you can learn more effectively and apply it with confidence infosecwriteups.com/the-most-under…

Dirk-jan (@_dirkjan) 's Twitter Profile Photo

How not to do multi-tenant apps. Nice find by from modzero, compromising Synology Active Backup client secrets (from the Synology tenant) during installation 🤦 modzero.com/en/blog/when-b…

Synacktiv (@synacktiv) 's Twitter Profile Photo

🔐 Data encryption in Laravel environments is based on one secret: the APP_KEY. Our ninja Remsio studied the impact of its leakage on the internet during an entire year. synacktiv.com/en/publication…

WaaWaa (@frodosobon) 's Twitter Profile Photo

Red teaming will go back ten years ago. Proxy Socks (nothing better than chisel) and no Fork&Run / BOF ... Only proxychains

VCSLab (@vcslab) 's Twitter Profile Photo

🚨 Shocking impact from the SharePoint vulnerability we found at Pwn2Own! 😱 Despite our efforts to patch it 🤝, many systems are still at risk ⚠️. Secure yours now! 🔒 Details: blog.viettelcybersecurity.com/toolshell-a-cr…

Laluka@OffenSkill (@thelaluka) 's Twitter Profile Photo

Have you ever wondered why SOMETIMES there's no stream??? Well, it's either work, or... THIS! 😇 youtube.com/watch?v=6gkX2Y…

Synacktiv (@synacktiv) 's Twitter Profile Photo

Catch us at #DEFCON33! @quent0x1 and Wil will show how to turn your Active Directory into the attacker’s C2. They'll dive deep into how Group Policy Objects can be leveraged for stealthy enumeration and privilege escalation! defcon.org/html/defcon-33… #DEFCON #ActiveDirectory

Synacktiv (@synacktiv) 's Twitter Profile Photo

Don't miss kalimero at #DEFCON33! His talk, "SCCM: The Tree That Always Bears Bad Fruits", covers modern attack paths and abuse techniques in Microsoft SCCM, with a focus on internals, post-exploitation, and persistence! defcon.org/html/defcon-33… #DEFCON #SCCM

Wil (@wil_fri3d) 's Twitter Profile Photo

gpoParser, which I presented at #leHACK2025 and #DEFCON, is available here: github.com/synacktiv/gpoP… It is a specialized utility designed to enumerate Group Policy Objects (GPOs) and identify potential security misconfigurations.

Adnan Khan (@adnanthekhan) 's Twitter Profile Photo

I don’t think people realize how bad this bug could have been. The fact they were vending a multi-tenant GitHub app private key into a customer container is just 🤯. How can you look at yourself and ship that? research.kudelskisecurity.com/2025/08/19/how…

watchTowr (@watchtowrcyber) 's Twitter Profile Photo

We're back - returning to the scene of the "crime" - to demonstrate 2 pre-auth RCE chains against Commvault (CVE-2025-57788, CVE-2025-57789, CVE-2025-57790, CVE-2025-57791) Enjoy, and speak soon 😉 labs.watchtowr.com/guess-who-woul…

Dirk-jan (@_dirkjan) 's Twitter Profile Photo

If you didn't find my Black Hat / Def Con slides yet, they are available on dirkjanm.io/talks . Also includes the demo videos where I use actor tokens from on-prem to access SharePoint online and get Global Admin.

noperator (@noperator) 's Twitter Profile Photo

A new tool: Slice 🔪 With the help of build-free CodeQL and Tree-Sitter, Slice can help GPT-5 reliably reproduce discovery of CVE-2025-37778: use-after-free vulnerability in the Linux kernel! noperator.dev/posts/slice/

Lampros (@lampnout) 's Twitter Profile Photo

Looking at a Roadrecon collection through the lenses of SQLiteBrowser may pay dividends. It allows you to perform custom SQL queries and, overall, search intelligently. For this purpose I'm publishing a list of Roadrecon-compatible SQL queries stmxcsr.com/micro/roadreco…

Synacktiv (@synacktiv) 's Twitter Profile Photo

DCOM is everywhere, but its inner workings feel like black magic. 🪄 Unveil the mystery with Kévin Tellier's new article on DCOM basics. Trust us, it's way cooler than it sounds! synacktiv.com/en/publication…

Dirk-jan (@_dirkjan) 's Twitter Profile Photo

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

Synacktiv (@synacktiv) 's Twitter Profile Photo

How safe is your browser? Our ninja, Riadh Bouchahoua, uncovers how attackers can exploit Chromium extension loading to steal data, maintain persistent access, and breach confidentiality on Chromium-based browsers. Read more here ⬇️ synacktiv.com/en/publication…