On m'y way to #HEXACON2023 👍👍👍

We spent two awesome days at #HEXACON2023 with some of our ninjas!

Our ninja Remsio is currently talking about PHP filter chains at hack_lu

This was pretty stressful but lot of fun :) 🥷

Setting up the RF enclosure for the next #Wyze camera exploit at #Pwn2Own Toronto

Success! Synacktiv was able to execute a heap-based buffer overflow in the kernel triggered via WiFi and leading to RCE against the Wyze Cam v3. They earn $15,000 and 3 Master of Pwn points. #Pwn2Own

Congratz to our ninjas 🥷 for winning the European Cyber Week finals in the professional category!

Our ninjas, myr and Pierre Milioni, have uncovered various vulnerabilities in Peplink Balance Two devices, including command injection and authorization issues. Secure your devices: upgrade to version 8.4.0! 🔒 Get full technical details here: synacktiv.com/sites/default/…

To facilitate reverse-engineering of large programs, vulnerability research and root-cause analysis on iOS, Android, and other major platforms, myr and Hexa released Frinet, a tool combining Frida with an enhanced version of Tenet. synacktiv.com/publications/f…

Things are going pretty well so far 🚗 #Pwn2Own

Save the date for #HEXACON2024 ✨ 📅 4th & 5th of October 2024 Same place, same team, even more root shells 🔥 More details coming soon… hexacon.fr

Synacktiv is looking for an additional team leader for its Reverse-Engineering Team! Find out if you are a good candidate by reading our offer (🇫🇷). synacktiv.com/responsable-de…

Most impressive! The ninjas from Synacktiv needed less that 30 seconds to demonstrate their exploit on the Tesla ECU with Vehicle (VEH) CAN BUS Control. The attempt was done in an RF enclosure to ensure no passers by were impacted. #Pwn2Own

Really proud to have 3 talks accepted for offensivecon! Congratz Quentin M, vdehors, David B and Lucas Georges 🥳 offensivecon.org/speakers/

🍻 Le prochain Bière&Sécu Lyon aura lieu mardi 16 avril à 19:00 au Peaky Blinders ! Au programme : - "Jia Tan, sa vie, son œuvre et la backdoor xz" - Mitsurugi Heishiro - "Falco + Kube = Max(Count(RCE))" - Laluka@OffenSkill - "Les vrais hackers ne laissent pas de traces" - BlackOut

A few tickets for #HEXACON2024 are still on sale, don't miss them! Register for our top-notch trainings and learn from the best in the industry 🎓 hexacon.fr/register/

[ZDI-24-837|CVE-2024-6246] (Pwn2Own) Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability (CVSS 9.6; Credit: vdehors, Mitsurugi Heishiro, Areizen from Synacktiv) zerodayinitiative.com/advisories/ZDI…

Can LLM help vulnerabilty researcher to find vulns? Short answer : no Long answer : also no, but explained in a blogpost 😆 0x90909090.blogspot.com/2024/09/using-…