Have something to share? Don't forget to submit your lightning talk at [email protected] you might win our specially crafted Hexacon Champagne Cuvée 2023 #HEXACON2023 🍾

Ready for tomorrow? #HEXACON2023

#HEXACON2023 has officially started with the traditional keynote given by our very own Renaud Feil, CEO of Synacktiv

Thank you everyone for this amazing second edition! We hope you all had a blast and all the team is already eager to see you all next year for #HEXACON2024 🚀

To facilitate reverse-engineering of large programs, vulnerability research and root-cause analysis on iOS, Android, and other major platforms, myr and Hexa released Frinet, a tool combining Frida with an enhanced version of Tenet. synacktiv.com/publications/f…

That’s a wrap for Day 2 of #Pwn2Own Automotive. We’ve already awarded over $1,000,000 in prizes this week (¥150 million!) Tune back in tomorrow here or at the ZDI blog for the final day of the contest! Here are the current standings leading into the final day:

Congratulations to our ninja Remsio for making it to the 4th place with his research about error-based oracles using PHP filter chains!

The Synacktiv ninjas are ready for the karen! 🥷 Come and meet us at Booth N°D45. We’re excited to share our expertise and discuss your challenges and the latest trends in cybersecurity. See you there! 👋 #InCyber2024

Our ninjas Romaiη  and Dvorhack are on stage for #CyberOnBoard!

If you ever get authenticated access on a Commvault CommServe web console < 11.34, you might be able to elevate privileges and execute remote commands. Check out how in the advisory by Guillaume André and Hugo Clout! synacktiv.com/advisories/dan…

Our ninjas have been busy this weekend! The team solved all the challenges during #HTB #CyberApocalypse24, giving them 3rd place for now, while F4b scored the THConvention pre-challenge. Congratz! 🔥

During a security assessment on Ricoh Device Manager NX, our ninja kalimero uncovered multiple vulnerabilities. When combined, these flaws could allow attackers to gain remote code execution on the server. Read the details in our advisory: synacktiv.com/sites/default/…

Synacktiv is looking for an additional team leader for its Reverse-Engineering Team! Find out if you are a good candidate by reading our offer (🇫🇷). synacktiv.com/responsable-de…

Sometimes you just need to abuse functionalities to be a ninja! Discover how Collabora Online could be abused to conduct SSRFs and steal your cloud secrets. synacktiv.com/en/advisories/…

Don't forget, karen is next week, come meet us at booth D45! #InCyber2024

The team is getting ready for the next #Pwn2Own with some good stuff, stay tuned 😉

Ever faced a WAF/EDR while exploiting a Java deserialization? Checkout our latest blogpost by Load. for a stealthier exploitation, exfiltration and persistence by diving deep into translets, transformers and more! synacktiv.com/publications/j…

Following our recent research on PHP filter chains, our ninjas Remsio and Raphaël Lob found two arbitrary file leaks affecting the MISP project < 2.4.187. If you are intrigued by this kind of exploitation, take a look at: synacktiv.com/advisories/mis…

If you're a regular Velociraptor user or just looking for a flexible forensic tool, come and discover how Velociraptor's new features make forensic analysis of VMware ESXi hypervisor possible. synacktiv.com/publications/v…

We're at THConvention! For our first talk, JB Cayrou will explain how he tried to exploit a nice bug in Ubuntu ShiftFS 🔥