Azure intrusion for red teamers by Paul Barbé & Matthieu Barjole (aevy) hexacon.fr/trainer/barbe_…

Nous sommes heureux d'ajouter une année supplémentaire à notre partenariat historique avec Synacktiv et les remercions pour leur confiance !

Boom! Thomas Bouzerar (Major_Tom) and Etienne Helluy-Lafont from Synacktiv (Synacktiv) close out #Pwn2Own in style with a guest-to-host escape in VMware Workstation. If confirmed, it will put the total contest payout at over $1,000,000! #Pwn2Own

Confirmed! Thomas Bouzerar (Major_Tom) and Etienne Helluy-Lafont from Synacktiv (Synacktiv) used a heap-based buffer overflow to exploit #VMware Workstation. They earn $80,000 and 8 Master of Pwn points - sending the contest to over $1,000,000 total! #Pwn2Own

📣 Prochain Bière&Sécu Toulouse le mardi 10 juin ! 🗓️ RDV au Rooster and Beer à partir de 18h30 👉 Framadate: framadate.org/M8dPvbvdQNgL1i… 🗣️ Contactez-nous si vous avez des sujets à présenter via Twitter, Bluesky ou Discord !

❤️Synacktiv is sponsoring the 2025 edition !

Want to attend @Sthack? Synacktiv is giving away 2 tickets to the event! 🔥 📍 When: May 23 📌 Where: Bordeaux, Cité du Vin 👉 To enter: Like and comment on this post. The two fastest will win the tickets!

The last Sthack talk was David B talking about the Tesla WallConnector ⚡️

🎉 Clap de fin pour l’édition 2025 du CTF InterIUT ! 🎉 Le classement s’est joué à quelques points près et les retournements de situation ont été nombreux jusqu’aux dernières minutes ! Félicitation à tous les participants !

We are at SSTIC! If you want to have a chat, our ninjas are easy to spot 🥷

For our first talk, Ambre presents her previous research about firmware images identification #SSTIC2025

It's already #SSTIC2025 day 2! Rémi J. and us3r present the Windows kernel shadow stack mitigation 🪟

For our second talk of the day, Florian presents Mofos, a virtual machines manipulation framework to mimic QubesOS on a standard Linux distribution #SSTIC2025

It's now time for aevy and Paul Barbe to present Azure conditional access policies ☁️ #SSTIC2025

For the final talk of the Synacktiv track, Antoine Gql and Oposs give a retex on post-quantum cryptography #SSTIC2025

We also gave a few short talks to end the day! #SSTIC2025

We still have a few talks for #SSTIC2025 last day! This morning, Hugo Clout presents 2 proxy tools used during pentests 🌐

lightyear just got 6 times faster! Although I now work at Synacktiv, I proposed a PR for the tool to support threading and compression, greatly reducing the time required to dump a file. Dumping the demo /etc/passwd now takes 48s instead of 5m30. github.com/ambionics/ligh…

This weekend, for the Midnight Flag CTF final, I created a web challenge called JavaNote, which asked players to modify the ysoserial tool to do something other than execute a command, you can read the write-up here: worty.fr/post/writeups/… Congratulations again to all the players!

Our experts took the stage at Pass the SALT Conference yesterday and this morning to present their latest offensive security research and tools! Keycloak, named pipes MITM and more! Slides and recordings coming soon 👀