Charles Fol (@cfreal_) 's Twitter Profile
Charles Fol

@cfreal_

previously @ambionics @LexfoSecurite
– blogs: ambionics.io/blog blog.lexfo.fr cfreal.github.io

ID: 1020272903529684993

Link: https://ambionics.io/blog
Date: 20-07-2018 11:43:10

263 Tweet

4,4K Followers

656 Following

Ambionics Security (@ambionics):

We're proud to announce LIGHTYEAR, a tool that lets you dump files, blind, in PHP, based on a new algorithm. ambionics.io/blog/lightyear…

Charles Fol (@cfreal_):

LIGHTYEAR:
- Can dump large files, even through a GET parameter
- Retrieves characters using dichotomy
- Does not cause PHP warnings

Luke Jahnke (@lukejahnke):

🧵My latest blog post is live 🔥 Read it to learn what SafeMarshal is and *two* very different ways to escape and get RCE! nastystereo.com/security/ruby-…

Charles Fol (@cfreal_):

This year again, I am lucky enough to get nominated twice for the Top Ten Hacking Techniques, for my research on iconv and PHP, and lightyear. This time feels a bit special however, as these are my last blog posts on Ambionics Security. ambionics.io/blog/iconv-cve… ambionics.io/blog/lightyear…

PT SWARM (@ptswarm):

🔥 The "impossible" XXE in PHP? Not so impossible anymore. Our researcher Aleksandr Zhurnakov discovered an interesting combination of PHP wrappers and a feature of XML parsing in libxml2 to exploit it. Read: swarm.ptsecurity.com/impossible-xxe…

Airbus Security Lab (@airbusseclab):

Passionate about hacking & cybersecurity? Airbus is looking for a Vulnerability Research & Exploitation Specialist in France! 💻 Reverse engineering, Red Teaming ✈️Join a global aerospace & defense leader Apply now! 🚀 ag.wd3.myworkdayjobs.com/en-US/Airbus/j…

Phith0n (@phithon_xg):

#vulhub #CyberSecurity #opensource #infosec Announcing some exciting news from the Vulhub project! We've been busy making big improvements: 1⃣. Completely rebuilt our website from the ground up! Check it out: vulhub.org

Caitlin Condon (@catc0n):

The subtitle of this blog is "a plea to security news outlets to please do their due diligence before slapping 'exploited in the wild' headlines on new CVEs" rapid7.com/blog/post/2025…

Synacktiv (@synacktiv):

Synacktiv is looking for an additional team leader in Paris for its Reverse-Engineering Team! Find out if you are a good candidate by reading our offer (🇫🇷). synacktiv.com/responsable-eq…

¯\_(ツ)_/¯ (@chocapikk_):

🚨 New unauthenticated #RCE module for vBulletin 5.1.0-6.0.3 landed in Metasploit! No CVE assigned, but credit to Egidio Romano (EgiX) for the original write-up: karmainsecurity.com/dont-call-that… 🔗 PR: github.com/rapid7/metaspl…

Alain M. (@plopz0r):

Just finished my talk at #securityfest, you can find all the details in my latest blog post: blog.scrt.ch/2025/06/04/son…

Charles Fol (@cfreal_):

lightyear just got 6 times faster! Although I now work at Synacktiv, I proposed a PR for the tool to support threading and compression, greatly reducing the time required to dump a file. Dumping the demo /etc/passwd now takes 48s instead of 5m30. github.com/ambionics/ligh…

GrapheneOS (@grapheneos):

This article by Nicolas Stefanski at Synacktiv provides a high quality technical overview of our hardened_malloc project used in GrapheneOS: synacktiv.com/en/publication… It has great coverage of the memory layout, memory tagging integration, slab quarantines and allocation approach.

Lexfo (@lexfosecurite):

🔔 New research from Lexfo on pre- & post-authentication vulnerabilities in WSO2 products — uncovering bypasses, RCE, SSRF, CSRF, and account-takeover risks. See our detailed article → blog.lexfo.fr/wso2.html #cybersecurity #infosec #offensivesecurity #pentest #WSO2