A few months ago, the FreeBSD Foundation appointed us to audit two #FreeBSD critical components: the Bhyve hypervisor and the Capsicum sandboxing framework. Today, related advisories and patches have come out 🧵 1. Multiple vulnerabilities in libnv freebsd.org/security/advis…

Thanks Jeremy Fetiveau for an awesome party last night! It was great meeting old friends and making new ones! See you all soon in Korea! Gyorgy Miru (Gym) Filippo Roncari POC_Crew 👨‍👩‍👦‍👦 Leone Eloi Benoist-Vanderbeken

Octoscan, our GitHub actions vulnerability scanner, is now available as a GitHub action! It will find vulnerabilities in new commits and pull requests, and upload it to GitHub as it now supports the SARIF file format! github.com/synacktiv/acti…

Better late than never... My Hexacon 2023 slides for "Finding and Exploiting an Old XNU Logic Bug" and the exploit code (WITH THE ANIMATED ASCII ART 🥷🔪🍎!!!) are up synacktiv.com/sites/default/… / github.com/synacktiv/CVE-…

The 2025 training season is here! 🚀 Join our best ninjas for 5-day sessions on pentesting, reverse-engineering, and forensics (in French). Check out all the dates and topics on our website: synacktiv.com/offres/formati…

Save the date, la seconde édition de #WineRump aura lieu: 🗓️ le vendredi 26/09/2025 📍à Bordeaux #WineRump c'est une conférence de cybersécurité avec des rumps, du vin et du jus de raisin dans une guinguette

Hunters International RaaS group has claimed 280+ victims since Oct 2023. Check out our latest blog post on the TTPs they use, including SMOKEDHAM malvertising & ESXi ransomware with advanced obfuscation. #RaaS #CyberSecurity #ThreatAnalysis synacktiv.com/en/publication…

PagedOut! #6 magazine is out! This edition features two articles from our ninjas: - Implicit Unicode behaviors in database string functions - Calling Rust from Python: A story of bindings Dive into their insights here: pagedout.institute

In iOS 18.4, Apple introduced a bug in dynamic symbol resolutions for some specific exports. F4b took a long journey down a rabbit hole to understand its root cause. synacktiv.com/en/publication…

Don't miss our 2 trainings 😉 🍎 iOS for Security Engineers ☁️ Azure intrusion for red teamers

Here we are! Come by our booth and say hi 😀 #OffensiveCon

The "Objective-C helper" IDA plugin presented during the Sthack talk "Demystifying Objective-C internals" given by vic is now publicly available on GitHub at github.com/synacktiv/objc… The slides are also available on our website: synacktiv.com/sites/default/…

If you are planning to learn about iOS, don't miss this training. Quentin and Etienne are exceptional researchers. No CVE ≠ no 0-days 😉😇

🚨 Still a few days to register for our Azure Intrusion for Red Teamers training at #BHUSA! Very hands-on, full kill chain from zero to Global Admin with stealth in mind. Secure your seat now! blackhat.com/us-25/training…

While performing security research on IoT control applications, Areizen and Cyp discovered critical vulnerabilities in the mobile app for the Eachine E58 drone. These flaws could potentially lead to remote code execution on the user's smartphone. synacktiv.com/en/publication…

Ever thought your kitchen appliance could harbor a persistent threat? We reverse-engineered the Thermomix TM5 and uncovered vulnerabilities allowing arbitrary code execution, persistence, and secure boot bypass. Discover our step-by-step breakdown! synacktiv.com/en/publication…

🚨 Still a few seats left for our iOS for Security Engineers training at #HEXACON2025! 4‑day hands-on labs to explore the iOS ecosystem and prepare for vulnerability research. 📍 Paris, Oct 6‑9 ➡️ hexacon.fr/trainer/meffre…

Not their best picture but definitely THE best hands-on iOS training! Come and see for yourself how Etienne and Quentin master iOS! ⚠️ Warning, risk of massive skills overflow ⚠️

That's a wrap on our Azure Intrusion for Red Teamers training at #BHUSA! 4 intense days from zero to Global Admin via Entra ID, M365, resources, DevOps, Intune & more 🔥 Huge thanks to all our participants and next stop: #HEXACON2025, Paris, Oct 6 🇫🇷

🔥 A few hours ago our experts took the stage at #DEFCON33, sharing cutting-edge research on SCCM exploitation and modern GPO attacks in Active Directory. Proud of the team! 🙌 cc kalimero Quentin Roland Wil