🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Got access to a #CICD environment? Check out our latest article by Théo Louis-Tisserand and Hugow to loot all the secrets that are supposed to be securely stored in pipelines and meet Nord Stream, a new tool developed to automate the extraction process! synacktiv.com/publications/c…

During a security assessment, our ninjas kalimero and Us3r777 found multiple vulnerabilities on the DELMIA Apriso software: CVE-2023-2141: an unsafe deserialization CVE-2023-2140: a pre-auth SSRF CVE-2023-2139: a reflected XSS synacktiv.com/sites/default/…

Have you ever wanted to extract, decode and decrypt all NTDS.dit data? We are glad to share with you a new tool: ntdissector by kalimero and Julien Legras, powered by the awesome lib dissect.esedb from Fox-IT! More info in the blogpost: synacktiv.com/publications/i…

Last sponsor we want to introduce is a special one: it's Synacktiv, the company organizing #HEXACON2023. Leader in offensive security, Synacktiv helps companies assess their networks's security. There will be a lot of ninjas in the conference, feel free to talk to them! 🤗

Bored of managing multiple proxychains configurations? Hugo Clout developed bbs, a swiss army knife proxy manager for red teamers! The project is available on our GitHub: github.com/synacktiv/bbs

Ever faced a WAF/EDR while exploiting a Java deserialization? Checkout our latest blogpost by Load. for a stealthier exploitation, exfiltration and persistence by diving deep into translets, transformers and more! synacktiv.com/publications/j…

And since good news never come alone, we also have 4 talks accepted for SSTIC! GG Julien Legras, kalimero, Hugow, myr and Hexa 👏 sstic.org/2024/programme/

Optimize your password spraying attacks & defenses by checking our latest blogpost on the Banned Password Lists (BPL) mechanism of Entra ID Password Protection: synacktiv.com/en/publication…

Want to know how deleted photos reappeared in iOS 17.5? Check out today's blogpost by Lefnui 🍎 synacktiv.com/publications/i…

WHFB on an Entra ID enrolled laptop? Dig with t0 ,@yofbalibump and Rémi J. on the cache mechanisms in place ! synacktiv.com/publications/w…

It's #SSTIC second day and Hugow presents how to exploit Github Actions ⚙️

In our latest blogpost, Quentin Roland explores the inner workings of SCCM policies and introduces SCCMSecrets.py, a tool targeting secret policies in order to exploit misconfigurations, harvest credentials, and pivot across collections by impersonating legitimate clients.

Something interesting I found in SCCM remote control. netero1010-securitylab.com/red-team/abuse…

A few months ago, Microsoft released a critical patch for CVE-2024-43468, an unauthenticated SQL injection vulnerability in SCCM/ConfigMgr leading to remote code execution, discovered by kalimero. synacktiv.com/advisories/mic…

Got SCCM? You need to hear this! At #x33fcon, kalimero will share insights from his SCCM research, including tradecraft from real-world attacks and a critical unauthenticated SQL injection discovery (CVE-2024-43468). Essential for anyone managing or defending SCCM! Learn

Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Checkout the details in the blogpost by Guillaume André and Wil. synacktiv.com/publications/n…

Our ninja kalimero is now on stage at #x33fcon to talk about his journey from dissecting SCCM until the discovery of the critical CVE-2024-43468 and the post-exploitation opportunities🔥

"Owning #SCCM: A Journey from #Research to Critical Discovery" presented by kalimero - #x33fcon #windows #red - github.com/synacktiv/sccm…

👀

SCCM’s Management Points can leak more than you’d expect. Garrett shows how Network Access Accounts, Task Sequences, and Collection Settings can be stolen by relaying a remote Management Point to the site database. Check it out ⬇️ ghst.ly/4eNLaHU