johncool (@johncool__)'s Twitter Profile
johncool

@johncool__

offsec and VR somewhere

ID: 3622336882

11-09-2015 16:55:00

228 Tweets

581 Followers

176 Following

johncool (@johncool__) 's Twitter Profile Photo

Yay Samba patched CVE-2022-32742! This was a funky memory leak in SMBv1. Had fun digging into the codebase, I never knew this project was so huge. Kudos to the devs! samba.org/samba/security…

Alex Plaskett (@alexjplaskett) 's Twitter Profile Photo

🔥 1/ sstic.org/media/SSTIC202… by cbayet paulfariello ✏️ - The most complete and recent overview of the Windows Kernel Segment Heap from an exploitation perspective.

TheZDIBugs (@thezdibugs) 's Twitter Profile Photo

[ZDI-22-1077|CVE-2022-34699] (Pwn2Own) Microsoft Windows win32kbase Use-After-Free Privilege Escalation Vulnerability (CVSS 8.8; Credit: @brunopujos) zerodayinitiative.com/advisories/ZDI…

Enno Rey (@enno_insinuator) 's Twitter Profile Photo

I wrote a post on some talks of Hexacon #HEXACON2022 incl. links to slide decks which are already published: theinternetprotocolblog.wordpress.com/2022/10/17/hex…

johncool (@johncool__) 's Twitter Profile Photo

Very well done! It’s too bad it was patched before the competition… I spent some time on it, but could not find a proper cJson mem leak…

TheZDIBugs (@thezdibugs) 's Twitter Profile Photo

[ZDI-23-094|CVE-2022-43634] Netatalk dsi_writeinit Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVSS 9.8; Credit: Synacktiv) zerodayinitiative.com/advisories/ZDI…

johncool (@johncool__) 's Twitter Profile Photo

Yay, the Netatalk pre-auth bug we used during #Pwn2Own Austin 2021 has been disclosed! Be ready for the upcoming exploit/write-up and its funkiest TCP shenanigans zerodayinitiative.com/advisories/ZDI…

TheZDIBugs (@thezdibugs) 's Twitter Profile Photo

[ZDI-23-112|CVE-2022-29844] (Pwn2Own) Western Digital MyCloud PR4100 FTP Server Buffer Overflow Remote Code Execution Vulnerability (CVSS 8.8; Credit: @johncool__) zerodayinitiative.com/advisories/ZDI…

Synacktiv (@synacktiv) 's Twitter Profile Photo

Ninja tricks to abuse TCP stacks and pwn NAS! Check out our #Pwn2Own Netatalk exploit by Etienne, johncool and cbayet! synacktiv.com/publications/e…

Trend Zero Day Initiative (@thezdi) 's Twitter Profile Photo

At #Pwn2Own Toronto, @johncool__ earned $40K by exploiting the @westerndigital My Cloud Pro Series PR4100 with a classic buffer overflow. Now that it's patched (CVE-2022-29844), he provides the details of his research on our blog. Read all about it at zerodayinitiative.com/blog/2023/4/19…

0xor0ne (@0xor0ne) 's Twitter Profile Photo

Excellent writeup on obtaining root command execution on Netatalk daemon on Western Digital MyCloudHome NAS. credits: Etienne Helluy-Lafont and Luca Moro (Synacktiv) synacktiv.com/en/publication… #cybersecurity

Root-Me (@rootme_org) 's Twitter Profile Photo

The second batch for GreHack 2023 was launched today, and guess what: tickets sold out in minutes 🫣. But lucky you, we had reserved 2 tickets for you! 🤩 👉 Retweet and comment by telling us what motivates you to go to the conference. Random draw Monday lunchtime, we'll

Hexacon (@hexacon_fr) 's Twitter Profile Photo

Thank you everyone for this amazing second edition! We hope you all had a blast and all the team is already eager to see you all next year for #HEXACON2024 🚀

cbayet (@onlytheduck) 's Twitter Profile Photo

New year, new adventure for me REverse_Tactics ! A lot of work to come, but hopefully lots of vulnerabilities and exploits ! Feel free to DM me to discuss or leak your bugs 🥸

johncool (@johncool__) 's Twitter Profile Photo

We are hiring offensive security researchers Apple! We are looking for experienced profiles in a variety of fields. Learn more here: jobs.apple.com/en-us/details/… You are into Kernel or Userland Vulnerability Research? My team would love to hear from you! DM me if you have questions