Wil (@wil_fri3d) 's Twitter Profile
Wil

@wil_fri3d

ID: 923829980592734208

27-10-2017 08:33:26

146 Tweets

212 Followers

120 Following

Synacktiv (@synacktiv) 's Twitter Profile Photo

Just wrapped up two fantastic training sessions at #Hexacon! A big thank you to everyone who joined us for our deep dives into Active Directory/Azure and iOS internals. It was great to share knowledge and learn together!

Synacktiv (@synacktiv) 's Twitter Profile Photo

Oh, you didn't know? Cool kids are now relaying Kerberos over SMB 😏 Check out our latest blogpost by Hugow to discover how to perform this attack: synacktiv.com/publications/r…

Synacktiv (@synacktiv) 's Twitter Profile Photo

You can now relay any protocol to SMB over Kerberos with krbrelayx.py and the latest PRs from Hugow. Thanks Dirk-jan for merging it! Here is an example from SMB to SMB:

Synacktiv (@synacktiv) 's Twitter Profile Photo

You can now use LDAP/LDAPs protocols with the SOCKS proxy of ntlmrelayx thanks to the PR from Pierre Milioni (now merged upstream). Here is an example with ldeep using relayed authentication from HTTP to LDAPs:

Synacktiv (@synacktiv) 's Twitter Profile Photo

A few months ago, Microsoft released a critical patch for CVE-2024-43468, an unauthenticated SQL injection vulnerability in SCCM/ConfigMgr leading to remote code execution, discovered by kalimero. synacktiv.com/advisories/mic…

Synacktiv (@synacktiv) 's Twitter Profile Photo

Yay! Our offensive Azure training was accepted at BlackHat USA 2025 🥳 Can't wait to see you there and share cutting-edge techniques for attacking Azure environments!

Synacktiv (@synacktiv) 's Twitter Profile Photo

We've just updated our training catalog to include the latest additions, including a brand new course on ransomware investigations! Find all the dates and details at synacktiv.com/en/offers/trai…

Synacktiv (@synacktiv) 's Twitter Profile Photo

In our latest article, Quentin Roland and Scaum demonstrate a trick allowing to make Windows SMB clients fall back to WebDav HTTP authentication, enhancing the NTLM and Kerberos relaying capabilities of multicast poisoning attacks! synacktiv.com/publications/t…

Garrett (@unsigned_sh0rt) 's Twitter Profile Photo

Thanks to @synacktiv's recent posts about Kerberos synacktiv.com/en/publication… and recent PR's Dirk-jan's krbrelayx.py tool it made me realize ELEVATE-2 is still in play where client push installation is in use.

Synacktiv (@synacktiv) 's Twitter Profile Photo

Want to master cutting-edge techniques for attacking Azure? Join us this summer at Black Hat in Vegas for a deep dive into red teaming on Azure, M365, Azure DevOps, and hybrid infrastructures. Early bird tickets available until May 23rd! blackhat.com/us-25/training…

Synacktiv (@synacktiv) 's Twitter Profile Photo

🚀 This week, Us3r777 & Pierre kick off our new Whitebox Vulnerability Research training! Students will dive into PHP, Java, and .NET, analyzing & exploiting 1-day vulnerabilities. Let’s get started! 💻🔍

/ˈziːf-kɒn/ (@x33fcon) 's Twitter Profile Photo

Got SCCM? You need to hear this! At #x33fcon, kalimero will share insights from his SCCM research, including tradecraft from real-world attacks and a critical unauthenticated SQL injection discovery (CVE-2024-43468). Essential for anyone managing or defending SCCM! Learn

Synacktiv (@synacktiv) 's Twitter Profile Photo

Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Check out the details in the blog post by Guillaume André and Wil. synacktiv.com/publications/n…

Wil (@wil_fri3d) 's Twitter Profile Photo

Check out how I discovered CVE-2025-33073: RCE with NTLM reflective attack allowing an authenticated user to compromise any machine without SMB signing enforced!

Pixis (@hackanddo) 's Twitter Profile Photo

I'm not sure everyone realizes it, but as it stands, if you have an Active Directory with default configurations, any machine (except DCs) that hasn't applied the June 10 patch can be compromised by any domain user.

LazyTitan (@lazytitan33) 's Twitter Profile Photo

Excellent article from Synacktiv detailing CVE-2025-33073. It's an easy peasy LPE on any server where SMB signing is not enforced. I have already replicated it and works a charm. If you still aren't enforcing SMB signing... what are you doing?! Harden your environment & patch!

Synacktiv (@synacktiv) 's Twitter Profile Photo

Our ninja kalimero is now on stage at #x33fcon to talk about his journey from dissecting SCCM until the discovery of the critical CVE-2024-43468 and the post-exploitation opportunities🔥
